OPRUN-4544,OPRUN-4542: add lifecycle-controller for managing catalog lifecycle pods#1285

Open
perdasilva wants to merge 2 commits into openshift:main from perdasilva:lifecycle-controller

perdasilva (Contributor) commented Apr 30, 2026

Summary

Introduces a lifecycle-controller that watches CatalogSources and manages per-catalog lifecycle-server deployments with their supporting infrastructure. Manifests and deployment configuration are tracked in a separate PR.

For each matching CatalogSource with a running catalog pod, the controller creates a Deployment, ServiceAccount, Service, and NetworkPolicy using server-side apply. A shared ClusterRoleBinding aggregates all lifecycle-server ServiceAccounts and is reconciled on every change. Namespace-scoped resources are cleaned up automatically via Kubernetes garbage collection (owner references); the ClusterRoleBinding — which cannot use owner references across scope boundaries — is maintained through a finalizer on matching CatalogSources.

Resource lifecycle

  • Finalizers are only added to CatalogSources that match the configured label/field selectors; uses MergeFrom patch instead of full object Update to avoid conflict errors from concurrent metadata changes
  • If a CatalogSource stops matching (e.g., label change), the finalizer is removed and the CRB is reconciled
  • On deletion, reconcileClusterRoleBinding skips CatalogSources with a DeletionTimestamp set, ensuring the subject is removed during the finalizer flow rather than relying solely on GC timing
  • As a safety net, the NotFound path also triggers CRB reconciliation to clean up any stale subjects after GC deletes owned ServiceAccounts

Operational details

  • Readiness gating: readyz check blocks until informer caches have synced, preventing premature traffic routing
  • Cache scoping: CatalogSource informer is restricted by the --catalog-source-field-selector flag (typically metadata.namespace=openshift-marketplace), reducing memory footprint on clusters with many CatalogSources
  • Memory limits: 200Mi on dynamically created lifecycle-server deployments (complementing GOMEMLIMIT soft cap of 50MiB)
  • Non-blocking TLS channel: the TLS profile change callback uses select/default to avoid blocking if events are not consumed fast enough; dropped events are harmless since the TLSConfigProvider is already updated and the next reconciliation picks up the current config
  • Collision resistance: resource name hash uses 8 hex characters (32-bit), providing a collision threshold of ~65K truncated names

Commits

  1. vendor: update openshift/api and openshift/library-go — vendored dependencies for TLS profile support
  2. feat: add lifecycle-controller for managing catalog lifecycle pods — controller code, unit tests, Makefile, Dockerfile

Key Components

  • cmd/lifecycle-controller/ — CLI entrypoint with TLS profile watching, leader election, metrics serving with authn/authz, health/readiness probes
  • pkg/lifecycle-controller/controller.go — SSA-based reconciler: creates/updates lifecycle-server resources per CatalogSource, manages shared ClusterRoleBinding, relies on owner references for GC-based cleanup
  • pkg/lifecycle-controller/tls.go — Thread-safe TLS config provider that dynamically updates when the cluster TLS profile changes

Created Resources (per CatalogSource)

| Resource | Scope | Cleanup | Purpose |
|---|---|---|---|
| ServiceAccount | Namespace | Owner ref GC | Identity for lifecycle-server pods |
| Deployment | Namespace | Owner ref GC | Runs lifecycle-server with OCI image volume (catalog data) |
| Service | Namespace | Owner ref GC | Exposes API on 8443; serving-cert-secret-name triggers cert generation |
| NetworkPolicy | Namespace | Owner ref GC | Ingress: 8443; Egress: API server (6443) + DNS (53/5353) |
| ClusterRoleBinding | Cluster | Finalizer | Binds all lifecycle-server SAs to the static ClusterRole |

Test plan

  • Unit tests (33 tests): resource name generation, reconciliation lifecycle, CRB management, deployment spec, TLS provider, predicates, mapping functions, error paths, idempotency, concurrent TLS access
  • Manual validation on live OCP cluster
  • E2E tests (follow-up PR, OTE under test-extension)
  • go build ./cmd/lifecycle-controller/... succeeds
  • go test ./pkg/lifecycle-controller/... passes (33/33)

🤖 Generated with Claude Code
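
The non-blocking notification described under "Operational details" above, as an added example that is not code from this PR: the callback stores the new profile first and only then signals with select/default, so a dropped signal loses a wake-up but never the configuration. `Profile`, `Provider`, `Notifier` and `Simulate` are hypothetical names, and the run compares an unbuffered channel with a buffer of one while the consumer is busy.

```go
package main

import (
	"fmt"
	"sync"
)

// Profile is a hypothetical stand-in for the cluster TLS profile spec.
type Profile struct{ MinTLSVersion string }

// Provider holds the current profile. It is the source of truth; the event
// channel only carries "something changed" wake-ups.
type Provider struct {
	mu  sync.RWMutex
	cur Profile
}

func (p *Provider) Update(next Profile) {
	p.mu.Lock()
	defer p.mu.Unlock()
	p.cur = next
}

func (p *Provider) Get() Profile {
	p.mu.RLock()
	defer p.mu.RUnlock()
	return p.cur
}

// Notifier connects a profile-change callback to a reconcile trigger channel.
type Notifier struct {
	provider *Provider
	events   chan struct{}
}

func NewNotifier(p *Provider, buffer int) *Notifier {
	return &Notifier{provider: p, events: make(chan struct{}, buffer)}
}

// OnProfileChange updates the provider, then signals without blocking.
// It reports whether the wake-up was queued (true) or dropped (false).
func (n *Notifier) OnProfileChange(next Profile) bool {
	n.provider.Update(next) // state is current before any signal is attempted
	select {
	case n.events <- struct{}{}:
		return true
	default: // consumer not ready and no buffer space: drop, never block
		return false
	}
}

// Result summarises one simulated burst of profile changes.
type Result struct {
	Queued, Dropped int
	Observed        []Profile // what the consumer read per wake-up it received
	Current         Profile   // what any later reconcile would read
}

// Simulate fires every change while the consumer is busy (not receiving),
// then lets the consumer drain whatever wake-ups were retained.
func Simulate(buffer int, changes []Profile) Result {
	prov := &Provider{}
	n := NewNotifier(prov, buffer)
	var res Result
	for _, c := range changes {
		if n.OnProfileChange(c) {
			res.Queued++
		} else {
			res.Dropped++
		}
	}
	for {
		select {
		case <-n.events:
			// The consumer reads the provider, not the event payload, so it
			// sees the newest profile even if intermediate events were dropped.
			res.Observed = append(res.Observed, prov.Get())
		default:
			res.Current = prov.Get()
			return res
		}
	}
}

func main() {
	// Constructed sample sequence of profile changes.
	changes := []Profile{
		{MinTLSVersion: "VersionTLS11"},
		{MinTLSVersion: "VersionTLS12"},
		{MinTLSVersion: "VersionTLS13"},
	}
	for _, buf := range []int{0, 1} {
		r := Simulate(buf, changes)
		fmt.Printf("buffer=%d queued=%d dropped=%d observed=%v current=%v\n",
			buf, r.Queued, r.Dropped, r.Observed, r.Current)
	}
}
```

With no buffer every wake-up is dropped while the consumer is busy, so the new profile is applied only when some other trigger causes a reconcile; a buffer of one retains a single wake-up, and that wake-up already observes the latest profile.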

coderabbitai Bot commented Apr 30, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

Adds a lifecycle-controller and lifecycle-server: new CLIs and managers, a controller that watches CatalogSources and provisions per-catalog lifecycle-server workloads, a lifecycle-server that indexes/serves FBC lifecycle JSON, TLS/profile support, manifests, RBAC, build wiring, and extensive unit and E2E tests.

Changes

Lifecycle controller + lifecycle server feature

| Layer | File(s) | Summary |
|---|---|---|
| Data Shape & Indexing | pkg/lifecycle-server/fbc.go | Adds LifecycleIndex and LoadLifecycleData to walk FBC JSON blobs, index by schema version and package, and helpers CountBlobs/CountPackages/ListVersions. |
| Core Server Handlers | pkg/lifecycle-server/server.go | Adds NewHandler and NewHealthHandler serving /api/{version}/lifecycles/{package} and /healthz,/readyz using LifecycleIndex. |
| Server FBC Tests | pkg/lifecycle-server/fbc_test.go, pkg/lifecycle-server/server_test.go | Comprehensive tests for schema regex, LoadLifecycleData behaviors, indexing helpers, routing, concurrency, and byte-for-byte blob retention. |
| Controller Core Logic | pkg/lifecycle-controller/controller.go | Adds LifecycleServerReconciler: match CatalogSources, select catalog pod (image digest/node), build/apply per-catalog ServiceAccount/Service/Deployment/NetworkPolicy, manage shared ClusterRoleBinding subjects, and cleanup logic; label/selector predicates and mapping helpers. |
| Controller Unit & Integration Tests | pkg/lifecycle-controller/controller_test.go | Large test suite covering name hashing, image digest extraction, affinity, builders (Service/SA/Deployment/NetworkPolicy), reconcile flows (create, update, cleanup), ClusterRoleBinding behavior, event predicates, and error propagation. |
| TLS Provider | pkg/lifecycle-controller/tls.go, pkg/lifecycle-controller/tls_test.go | Adds concurrency-safe TLSConfigProvider with Get/UpdateProfile, cloned tls.Config returns, GetCertificate callback wiring, and concurrency tests. |
| Controller CLI & Manager | cmd/lifecycle-controller/main.go, cmd/lifecycle-controller/start.go, cmd/lifecycle-controller/util.go | New Cobra CLI and start logic: parse flags, build manager with secure metrics using TLSConfigProvider, scoped cache, optional TLSProfile watcher, and register LifecycleServerReconciler; scheme and catalog-pod selector helpers. |
| Server CLI & Runtime | cmd/lifecycle-server/main.go, cmd/lifecycle-server/start.go | New Cobra CLI and start logic: parse FBC path and TLS flags, dynamic cert reloading, build authn/authz filter, load lifecycle data, run HTTPS API and plain health servers with graceful context shutdown. |
| Build & Module Wiring | Makefile, go.mod, operator-lifecycle-manager.Dockerfile | Adds LIFECYCLE_CONTROLLER_CMD/LIFECYCLE_SERVER_CMD build targets in Makefile; go.mod dependency updates and replace directive; Dockerfile copies both runtime binaries into image. |
| Manifest Generation & Kustomize | scripts/generate_crds_manifests.sh, microshift-manifests/kustomization.yaml | Extend manifest generator and microshift kustomization to include lifecycle-controller/server artifacts. |
| Kubernetes Manifests | manifests/0000_50_olm_08-lifecycle-controller.*, manifests/0000_50_olm_09-lifecycle-server.rbac.yaml, microshift-manifests/... | Adds lifecycle-controller Deployment, Service, NetworkPolicy, ClusterRole/ClusterRoleBinding/ServiceAccount, and lifecycle-server ClusterRole for kube-rbac-proxy token/subjectaccessreviews; microshift variants included. |
| E2E Tests & Test Images | staging/operator-lifecycle-manager/test/e2e/*, staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/*, pkg/lifecycle-controller/TODO.md | Adds Ginkgo E2E suites for controller and server verification (reconciliation, API responses, health, auth behavior), test image Dockerfiles, catalogs, build helper script, and E2E TODO checklist. |

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant CatalogSource as CatalogSource (CR)
    participant Controller as lifecycle-controller
    participant KubeAPI as Kubernetes API
    participant CatalogPod as Catalog Pod
    participant TLSProfile as Apiserver TLSProfile
    participant TLSProv as TLSConfigProvider
    participant LifecycleDep as Lifecycle Deployment (per-catalog)
    participant LifecycleSvc as lifecycle-server Pod
    participant Client as Client

    CatalogSource->>KubeAPI: create/update CatalogSource
    KubeAPI->>Controller: watch event
    Controller->>KubeAPI: list/watch Pods (olm.catalogSource selector)
    KubeAPI->>CatalogPod: return matching pods
    Controller->>CatalogPod: inspect status, image digest, node
    Controller->>KubeAPI: apply per-catalog ServiceAccount/Service/Deployment/NetworkPolicy
    Controller->>KubeAPI: update shared ClusterRoleBinding subjects
    TLSProfile->>Controller: notify TLS profile change (optional)
    Controller->>TLSProv: UpdateProfile(newSpec)
    TLSProv->>LifecycleDep: provide tls.Config with GetCertificate
    LifecycleDep->>LifecycleSvc: lifecycle-server starts and serves API over TLS
    Client->>LifecycleSvc: HTTPS GET /api/{version}/lifecycles/{package}
    LifecycleSvc->>LifecycleSvc: lookup LifecycleIndex and respond (200/404/503)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

@perdasilva (Contributor, Author)

/hold this one should come after #1284

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 30, 2026

openshift-ci Bot (Contributor) commented Apr 30, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: perdasilva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 30, 2026
@perdasilva perdasilva changed the title feat: add lifecycle-controller for managing catalog lifecycle pods OPRUN-4544,OPRUN-4542: add lifecycle-controller for managing catalog lifecycle pods Apr 30, 2026

openshift-ci-robot commented Apr 30, 2026

@perdasilva: This pull request references OPRUN-4544 which is a valid jira issue.

This pull request references OPRUN-4542 which is a valid jira issue.

Details

In response to this:

Summary

  • Introduces a lifecycle-controller that watches CatalogSources and manages per-catalog lifecycle-server deployments
  • For each matching CatalogSource with a running pod, the controller creates a Deployment, ServiceAccount, Service, and NetworkPolicy using server-side apply
  • Maintains a shared ClusterRoleBinding across all lifecycle-server instances
  • Watches the OpenShift APIServer TLS security profile and triggers rolling restarts of lifecycle-server deployments when it changes
  • Includes RBAC, Deployment, Service, NetworkPolicy manifests gated behind TechPreviewNoUpgrade
  • Depends on OPRUN-4541,OPRUN-4544: add lifecycle-server for serving FBC catalog lifecycle metadata #1284 (lifecycle-server)

Key Components

  • cmd/lifecycle-controller/ — CLI entrypoint with TLS profile watching, leader election, metrics serving with authn/authz, health/readiness probes
  • pkg/lifecycle-controller/controller.go — SSA-based reconciler: creates/updates/deletes lifecycle-server resources per CatalogSource, manages shared ClusterRoleBinding
  • pkg/lifecycle-controller/tls.go — Thread-safe TLS config provider that dynamically updates when the cluster TLS profile changes
  • manifests/ and microshift-manifests/ — Deployment, RBAC, Service, NetworkPolicy manifests

Test plan

  • Unit tests for resource name generation including truncation, empty names, special characters (TestResourceName)
  • Unit tests for full reconciliation lifecycle: create, update, delete, selector filtering (TestReconcile*)
  • Unit tests for ClusterRoleBinding reconciliation with multiple CatalogSources (TestReconcileClusterRoleBinding*)
  • Unit tests for deployment spec generation including probes, security context, volumes, TLS args (TestBuildDeployment*)
  • Unit tests for TLS config provider: thread safety, profile updates, certificate preservation (TestTLSConfigProvider*)
  • Unit tests for pod-to-CatalogSource mapping and predicates (TestMapPodToCatalogSource, TestCatalogPodPredicate)
  • go build ./cmd/lifecycle-controller/... succeeds
  • go test ./pkg/lifecycle-controller/... passes
  • go mod verify clean

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features
      • Introduced lifecycle-controller and lifecycle-server components as new OLM deployments with health and metrics endpoints
      • Added HTTP API for querying lifecycle catalog information by version and package
      • Configured TLS, RBAC, and NetworkPolicy security controls for the new components
  • Documentation
      • Added end-to-end test scenario outline for lifecycle controller validation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Apr 30, 2026

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 5

🧹 Nitpick comments (4)
pkg/lifecycle-controller/controller.go (2)

341-358: 💤 Low value

Consider defensive validation for edge cases in resourceName.

While CatalogSource names must be valid Kubernetes object names (and thus DNS-compliant), the transformation could theoretically produce an invalid DNS label in edge cases:

  • Input "..." → "---" → "" after TrimRight → "-lifecycle-server" (starts with hyphen)
  • Input "123" → "123-lifecycle-server" (starts with digit, technically invalid for DNS subdomain)

In practice, CatalogSource names follow Kubernetes naming rules, making these cases unlikely. However, adding a simple validation or using strings.TrimLeft(csName, "-") after processing would be more defensive.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 341 - 358, Update
resourceName to defensively remove leading hyphens and ensure the final label
starts with a letter: after the existing TrimRight(csName, "-") call, add
strings.TrimLeft(csName, "-") to remove leading dashes, and if csName is empty
set csName = "a" (or otherwise ensure it will not be empty before appending the
suffix). Also, if the first rune of csName is not a lowercase letter (e.g., it
starts with a digit), prefix it with "a" so the final value (csName + "-" +
resourceBaseName) begins with a letter; adjust truncation logic if necessary so
the combined length still respects maxPrefix. Reference: function resourceName
and constant resourceBaseName.

696-710: 💤 Low value

TLS profile change handler swallows list error.

When listing CatalogSources fails (line 699), the error is logged but the function returns nil, causing no reconciliation requests to be enqueued. This silently drops the TLS profile update. Consider returning an error or implementing retry logic.

Note: The current behavior may be intentional since individual CatalogSources will eventually reconcile on their own triggers, picking up the new TLS config. However, this could delay TLS profile propagation.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 696 - 710, The handler
passed to bldr.WatchesRawSource (handler.TypedEnqueueRequestsFromMapFunc)
currently swallows errors from mgr.GetClient().List and returns nil, dropping
the TLS profile update; change the map func to accept the full
configv1.TLSProfile object (rather than TLSProfileSpec) so you can return a
reconcile.Request that requeues the TLSProfile itself when mgr.GetClient().List
fails (use client.ObjectKeyFromObject on the TLSProfile param), and keep the
original behavior of returning CatalogSource requests on success; update the
TypedEnqueueRequestsFromMapFunc signature and its callers accordingly and ensure
r.Log.Error still logs the error.
pkg/lifecycle-controller/controller_test.go (1)

108-163: 💤 Low value

Good test coverage for resourceName - consider adding edge case tests.

The test cases cover common scenarios well (special characters, truncation, trailing hyphens). Consider adding tests for edge cases that could produce invalid DNS labels:

  • Input containing only special characters (e.g., "..." or "___")
  • Input starting with digits after transformation

These are unlikely in practice but would document the function's behavior boundaries.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller_test.go` around lines 108 - 163, Add
tests in TestResourceName to cover edge cases where the input is only special
characters (e.g., "..." or "___") and where the transformed name starts with
digits; call resourceName with these inputs and assert the returned string
respects DNS label rules (lowercase, hyphens only, no leading/trailing hyphen,
max 63 chars) and matches the expected output you decide (e.g., suffix-only
"lifecycle-server" or a cleaned name that does not start with a digit). Use the
same t.Run structure and require assertions (require.Equal and
require.LessOrEqual) so TestResourceName continues to validate length and exact
output for these edge-case inputs.
cmd/lifecycle-controller/start.go (1)

204-209: 💤 Low value

Add logging when falling back to default TLS profile.

When FetchAPIServerTLSProfile fails, the function silently returns the default profile with EnableTLSProfileWatcher = false. This hides potential configuration issues. Consider logging the error to aid debugging.

Proposed fix
 func getInitialTLSProfile(ctx context.Context, restConfig *rest.Config, sch *runtime.Scheme) (configv1.TLSProfileSpec, bool, error) {
 	cl, err := client.New(restConfig, client.Options{Scheme: sch})
 	if err != nil {
 		return configv1.TLSProfileSpec{}, false, fmt.Errorf("failed to create client: %w", err)
 	}
 	initialTLSProfileSpec, err := tlsutil.FetchAPIServerTLSProfile(ctx, cl)
 	if err != nil {
+		klog.V(2).Info("unable to fetch APIServer TLS profile, using default", "error", err)
 		return *configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil
 	}
 	return initialTLSProfileSpec, true, nil
 }
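Review bot: The added klog.V(2).Info call in the error branch passes "error", err as if they were key/value pairs, but Info is print-style and will concatenate those arguments into the message text; use the structured form instead, for example klog.ErrorS(err, "unable to fetch APIServer TLS profile, using default"), or InfoS if it has to stay at info level. Logging at V(2) also keeps the fallback invisible at default verbosity, while the branch still returns false for the watcher flag on every kind of error, so a failure here leaves the controller on the default profile with no watcher and no default-level log line to show it.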
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@cmd/lifecycle-controller/start.go` around lines 204 - 209, When
tlsutil.FetchAPIServerTLSProfile(ctx, cl) returns an error, add a log statement
that records the error and context before returning the default profile;
specifically, log the error (e.g., using klog.Errorf or the controller's logger)
inside the error branch that currently returns
*configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil so callers still
get the default profile and EnableTLSProfileWatcher=false but the failure is
visible for debugging.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 254: The replace directive referencing
github.com/joelanford/controller-runtime-common with pseudo-version ending in
afe447e6c57e is incorrect because that commit exists only in upstream
openshift/controller-runtime-common; either change the replace to point to the
upstream module (github.com/openshift/controller-runtime-common) at the
PR/commit that contains afe447e6c57e, or update the fork
(github.com/joelanford/controller-runtime-common) to include that commit and
re-generate the pseudo-version; also add a clear comment in go.mod next to the
replace indicating this is a temporary override and include a planned removal
date or ticket reference so the replace can be removed once the correct upstream
release is available.

In `@manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`:
- Around line 62-67: The GOMEMLIMIT env var is set to an unreasonably low "5MiB"
causing excessive GC; update the GOMEMLIMIT value (env name GOMEMLIMIT) to a
realistic budget aligned with the controller pod memory (e.g., match
resources.requests.memory and resources.limits.memory — raise requests.memory
from 10Mi to a sensible value such as 128Mi and set a corresponding
resources.limits.memory), and apply the same GOMEMLIMIT and resource changes to
the mirrored microshift deployment manifests so both deployments use the same
memory budget.

In `@manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml`:
- Around line 20-32: The NetworkPolicy egress currently only restricts ports
(egress block listing ports 6443, 53, 5353) which allows traffic to any
destination; update the egress rules to include explicit "to" selectors for each
destination: add a rule targeting the API server endpoint (e.g., the cluster API
server IP or service via an ipBlock or a namespaceSelector/podSelector for
kube-system/kube-apiserver) for port 6443, and rules targeting the cluster DNS
service (kube-dns or coredns Service IP or selector) for ports 53 and 5353 (both
TCP/UDP as appropriate), ensuring each egress entry pairs its ports with the
correct "to" clause to enforce least privilege.

In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml`:
- Around line 20-32: The egress rules currently allow wide-open access to ports
6443, 53 and 5353; constrain them by adding "to" destination selectors for each
port group: for the API server egress (port 6443) add a "to" that targets the
API server endpoints (e.g., podSelector or namespaceSelector that matches the
control-plane/apiserver pods or the API server Service endpoints) and for DNS
egress (ports 53 and 5353) add a "to" that targets DNS backends (e.g.,
podSelector matching app: coredns or k8s-app: kube-dns or the cluster DNS
Service endpoints); update the egress entries around the port lists (ports: 6443
/ ports: 53,5353) to include the corresponding "to" blocks so traffic is limited
to the API server and DNS targets only.

In `@scripts/generate_crds_manifests.sh`:
- Around line 763-766: The RBAC block that manages lifecycle-server
clusterrolebindings currently includes the "delete" verb for resource
"clusterrolebindings"; remove "delete" from the verbs list (leave "get", "list",
"watch", "create", "update", "patch") so the reconciler can manage/apply CRBs
but cannot delete them, tightening permissions for the lifecycle-server
clusterrolebindings entry that references "clusterrolebindings".

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b1015d3d-9bae-4419-9199-6f68e8e99b31

📥 Commits

Reviewing files that changed from the base of the PR and between 122728c and ece75f8.

⛔ Files ignored due to path filters (6)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/modules.txt is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (29)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • cmd/lifecycle-server/main.go
  • cmd/lifecycle-server/start.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • pkg/lifecycle-server/fbc.go
  • pkg/lifecycle-server/fbc_test.go
  • pkg/lifecycle-server/server.go
  • pkg/lifecycle-server/server_test.go
  • scripts/generate_crds_manifests.sh

@perdasilva perdasilva force-pushed the lifecycle-controller branch 3 times, most recently from 74f8725 to c148b33 Compare April 30, 2026 12:33

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 3

♻️ Duplicate comments (1)
go.mod (1)

254-254: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

The replace directive issue flagged in previous review remains unresolved.

As noted in the prior review, this replace directive points to a fork (joelanford/controller-runtime-common) that does not contain commit afe447e6c57e. The commit exists only in the upstream openshift/controller-runtime-common repository. This mismatch will cause module resolution failures.

Please address the previous review comment by either:

  1. Updating the replace to point to the upstream repository, or
  2. Ensuring the fork includes the required commit
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 254, The replace directive currently mapping
github.com/openshift/controller-runtime-common to
github.com/joelanford/controller-runtime-common at pseudo-version afe447e6c57e
is invalid because that fork does not contain that commit; update the go.mod
replace so the module resolution points to the upstream repo or to a fork that
actually contains commit afe447e6c57e — specifically change the replace target
from github.com/joelanford/controller-runtime-common to
github.com/openshift/controller-runtime-common (or ensure the joelanford fork is
updated to include commit afe447e6c57e) so the existing replace line and
pseudo-version resolve correctly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@cmd/lifecycle-controller/start.go`:
- Around line 204-206: The current code in start.go masks all errors from
tlsutil.FetchAPIServerTLSProfile by unconditionally falling back to the default
profile and disabling the watcher; change the error handling so only the
specific "not found / no TLS profile configured" condition falls back: call
tlsutil.FetchAPIServerTLSProfile(ctx, cl) and if the returned error is the
sentinel/not-found condition (e.g., apierrors.IsNotFound(err) or a
tlsutil.ErrNoProfile sentinel exposed by tlsutil) then return
*configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil; for any other
error from FetchAPIServerTLSProfile return nil (or propagate the error) so
startup fails and the watcher remains active; update the branch around
initialTLSProfileSpec and its error handling accordingly.
- Around line 278-300: The TLS watcher currently sends events into an unbuffered
tlsChangeChan in setupTLSProfileWatcher which can block the OnProfileChange
callback; change tlsChangeChan to a buffered channel (e.g., make(chan
event.TypedGenericEvent[configv1.TLSProfileSpec], 1) or a small configurable
buffer) so sends in tlsChangeChan <- ... inside the OnProfileChange closure
never block the watcher or shutdown path; update any callers/consumers if they
rely on synchronous behavior.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 532-537: The egress rule added via WithEgress /
networkingv1ac.NetworkPolicyEgressRule currently only allows the backend
targetPort 6443 (specified with NetworkPolicyPort and intstr.FromInt32(6443)),
but Kubernetes services are reached via their service port (443) so
TokenReview/SAR calls will be blocked; update the NetworkPolicyPort list in the
WithEgress block (where NetworkPolicyEgressRule is built) to include a second
port entry for 443 in addition to 6443 so the policy permits traffic to
kubernetes.default.svc:443.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e97221ef-a124-4bdf-b6d8-66af5a489b65

📥 Commits

Reviewing files that changed from the base of the PR and between ece75f8 and 74f8725.

⛔ Files ignored due to path filters (5)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
  • vendor/modules.txt is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (25)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • scripts/generate_crds_manifests.sh
✅ Files skipped from review due to trivial changes (10)
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • pkg/lifecycle-controller/TODO.md
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • operator-lifecycle-manager.Dockerfile
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • pkg/lifecycle-controller/tls_test.go
  • scripts/generate_crds_manifests.sh
🚧 Files skipped from review as they are similar to previous changes (5)
  • microshift-manifests/kustomization.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • cmd/lifecycle-controller/util.go
  • cmd/lifecycle-controller/main.go
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml

Comment thread cmd/lifecycle-controller/start.go Outdated
Comment thread cmd/lifecycle-controller/start.go Outdated
Comment thread pkg/lifecycle-controller/controller.go
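
The TLS profile finding in the review above comes down to failing closed: only a "no profile configured" result may fall back to the default profile, and any other fetch error must stop startup. The following is an added example, not code from this PR or from `tlsutil`; `TLSProfile`, `errNoProfile`, the fetch functions and all values are hypothetical stand-ins constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// TLSProfile is a trimmed, hypothetical stand-in for configv1.TLSProfileSpec.
type TLSProfile struct {
	Name       string
	MinVersion string
}

// errNoProfile is a hypothetical sentinel for "no TLS profile is configured".
var errNoProfile = errors.New("no TLS profile configured")

// defaultProfile stands in for the library default; its values are constructed.
var defaultProfile = TLSProfile{Name: "default", MinVersion: "VersionTLS12"}

type fetchFunc func() (TLSProfile, error)

// Three constructed fetch outcomes: a configured profile, a wrapped
// "not configured" sentinel, and an unrelated failure (for example RBAC).
func fetchConfigured() (TLSProfile, error) {
	return TLSProfile{Name: "custom", MinVersion: "VersionTLS13"}, nil
}

func fetchNotConfigured() (TLSProfile, error) {
	return TLSProfile{}, fmt.Errorf("apiserver config: %w", errNoProfile)
}

func fetchForbidden() (TLSProfile, error) {
	return TLSProfile{}, errors.New("constructed error: request forbidden")
}

// initialProfileMasked reproduces the flagged behaviour: every error falls
// back to the default profile and turns the watcher off, so a permissions or
// connectivity problem silently downgrades the TLS settings.
func initialProfileMasked(fetch fetchFunc) (profile TLSProfile, watch bool, err error) {
	p, ferr := fetch()
	if ferr != nil {
		return defaultProfile, false, nil
	}
	return p, true, nil
}

// initialProfileStrict falls back only on the sentinel (matched through
// wrapping with errors.Is) and propagates everything else to the caller.
func initialProfileStrict(fetch fetchFunc) (profile TLSProfile, watch bool, err error) {
	p, ferr := fetch()
	switch {
	case ferr == nil:
		return p, true, nil
	case errors.Is(ferr, errNoProfile):
		return defaultProfile, false, nil
	default:
		return TLSProfile{}, false, fmt.Errorf("fetching API server TLS profile: %w", ferr)
	}
}

func main() {
	cases := []struct {
		name  string
		fetch fetchFunc
	}{
		{"configured", fetchConfigured},
		{"not configured", fetchNotConfigured},
		{"forbidden", fetchForbidden},
	}
	for _, c := range cases {
		mp, mw, merr := initialProfileMasked(c.fetch)
		sp, sw, serr := initialProfileStrict(c.fetch)
		fmt.Printf("%-15s masked: %s watch=%v err=%v | strict: %s watch=%v err=%v\n",
			c.name, mp.MinVersion, mw, merr, sp.MinVersion, sw, serr)
	}
}
```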

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1


ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 895ba5ca-03fc-4a12-890d-41282603cecd

📥 Commits

Reviewing files that changed from the base of the PR and between 74f8725 and c148b33.

⛔ Files ignored due to path filters (27)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/modules.txt is excluded by !**/vendor/**, !vendor/**
✅ Files skipped from review due to trivial changes (12)
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • pkg/lifecycle-controller/TODO.md
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • pkg/lifecycle-controller/tls_test.go
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • cmd/lifecycle-controller/util.go
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • scripts/generate_crds_manifests.sh
🚧 Files skipped from review as they are similar to previous changes (5)
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • go.mod
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml

Comment thread pkg/lifecycle-controller/controller.go
@perdasilva perdasilva force-pushed the lifecycle-controller branch 2 times, most recently from 7354ff8 to 0299300 Compare April 30, 2026 13:03

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (2)
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile (1)

1-2: ⚡ Quick win

Prefer COPY here.

ADD is unnecessary for a local config directory and carries tar/URL semantics we don't need in this fixture.

Suggested fix
 FROM scratch
-ADD configs /configs
+COPY configs /configs
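Review bot: on the `+COPY configs /configs` line the destination has no trailing slash; writing it as `/configs/` would make it explicit that the target is a directory. Source and destination otherwise match the removed `ADD` line, so the path the fixture catalog is served from stays the same.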
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`
around lines 1 - 2, The Dockerfile uses "ADD configs /configs" which is
unnecessary; replace that ADD instruction with "COPY configs /configs" so the
local configs directory is copied without ADD's tar/URL behavior; update the
Dockerfile line that currently contains ADD configs /configs to use COPY instead
and keep the same destination path.
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile (1)

1-2: ⚡ Quick win

Prefer COPY here.

ADD is unnecessary for a local config directory and carries tar/URL semantics we don't need in this fixture.

Suggested fix
 FROM scratch
-ADD configs /configs
+COPY configs /configs
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`
around lines 1 - 2, Replace the ADD instruction with COPY in the Dockerfile so
the local configs directory is copied without ADD's extra tar/URL semantics;
update the Dockerfile's second line to use COPY configs /configs (leave the FROM
scratch line unchanged) to ensure the fixture uses the simpler, more appropriate
Dockerfile directive.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`:
- Line 48: The startup argument
--catalog-source-field-selector=metadata.namespace=openshift-marketplace
hard-codes a namespace filter and prevents the lifecycle-controller from seeing
CatalogSource objects outside openshift-marketplace; remove this argument (or
replace it with a configurable value passed via an environment variable or
downward API) from the lifecycle-controller container args so the controller can
observe CatalogSources across namespaces (look for the lifecycle-controller
Deployment args list containing --catalog-source-field-selector and update it
accordingly).

In `@pkg/lifecycle-controller/controller.go`:
- Around line 151-166: The current loop returns the first running pod matching
the label which is non-deterministic; instead, filter pods to those with
Phase==corev1.PodRunning and with a Ready condition true, then choose a
deterministic candidate (for example pick the pod with the most recent
StartTime/CreationTimestamp) and return its imageID(p) and Spec.NodeName; update
the code around r.List and the loop that uses pods.Items to build a slice of
ready running pods, sort/select by pod.Status.StartTime (or CreationTimestamp)
and then call imageID(selectedPod) to return the digest and node.
- Around line 130-132: When imageRef == "" in the reconcile path (the block
around imageRef check in controller.go), instead of immediately returning,
delete any stale lifecycle-server resources (Deployment, Service,
ServiceAccount, NetworkPolicy) and remove or update the shared
ClusterRoleBinding (CRB) subject so RBAC is cleaned up, then re-sync the shared
CRB state before returning; implement or call a helper like
ensureLifecycleServerAbsent/cleanupLifecycleServerResources and a
resyncSharedCRB function from the reconcile loop (referencing imageRef,
reconcile/Reconcile method, and the ClusterRoleBinding subject handling) and
only then return ctrl.Result{}, nil (or requeue if needed).

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go`:
- Around line 224-230: The Eventually block currently treats any error from
KubernetesInterface().RbacV1().ClusterRoleBindings().Get as success by returning
true; change the logic so GET errors do not satisfy the assertion: if Get
returns a NotFound error then return true (binding gone), if Get returns any
other error return false to keep retrying, and only return true when
crbContainsSubject(crb, name, ns.Name) is false; update the anonymous func in
the Eventually call that uses lcCRBName and crbContainsSubject accordingly.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ed000ad1-d469-4ecf-b22b-bb6685a2913c

📥 Commits

Reviewing files that changed from the base of the PR and between c148b33 and 0299300.

📒 Files selected for processing (32)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • scripts/generate_crds_manifests.sh
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json
✅ Files skipped from review due to trivial changes (13)
  • microshift-manifests/kustomization.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • pkg/lifecycle-controller/TODO.md
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • pkg/lifecycle-controller/tls_test.go
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • cmd/lifecycle-controller/start.go
🚧 Files skipped from review as they are similar to previous changes (7)
  • operator-lifecycle-manager.Dockerfile
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • cmd/lifecycle-controller/util.go
  • cmd/lifecycle-controller/main.go
  • Makefile
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • scripts/generate_crds_manifests.sh

Comment thread microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml Outdated
Comment thread pkg/lifecycle-controller/controller.go Outdated
Comment thread pkg/lifecycle-controller/controller.go Outdated
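
The pod-selection finding in the review above matters because the chosen pod's image digest decides which catalog image the lifecycle-server runs. The following is an added example, not code from this PR; `Pod` is a hypothetical, trimmed stand-in for `corev1.Pod`, and the pod names, digests and the name tie-break are constructed assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Pod is a hypothetical stand-in for corev1.Pod with only the fields needed here.
type Pod struct {
	Name      string
	Phase     string    // "Running", "Pending", ...
	Ready     bool      // value of the Ready condition
	StartTime time.Time // Status.StartTime
	ImageID   string    // resolved image digest from the container status
	NodeName  string
}

// firstRunning mirrors the flagged behaviour: the result depends on list order.
func firstRunning(pods []Pod) (Pod, bool) {
	for _, p := range pods {
		if p.Phase == "Running" {
			return p, true
		}
	}
	return Pod{}, false
}

// selectCatalogPod keeps only Running and Ready pods, then picks the most
// recently started one. Equal start times are broken by name (an assumption
// added here) so the choice never depends on the order the API returned.
func selectCatalogPod(pods []Pod) (Pod, bool) {
	var ready []Pod
	for _, p := range pods {
		if p.Phase == "Running" && p.Ready {
			ready = append(ready, p)
		}
	}
	if len(ready) == 0 {
		return Pod{}, false
	}
	sort.Slice(ready, func(i, j int) bool {
		if !ready[i].StartTime.Equal(ready[j].StartTime) {
			return ready[i].StartTime.After(ready[j].StartTime)
		}
		return ready[i].Name < ready[j].Name
	})
	return ready[0], true
}

// samplePods is constructed data: a catalog rollout caught mid-way.
func samplePods() []Pod {
	t0 := time.Date(2026, 4, 30, 12, 0, 0, 0, time.UTC)
	return []Pod{
		{"catalog-a", "Running", true, t0, "registry.example/catalog@sha256:aaaa", "node-1"},
		{"catalog-b", "Running", true, t0.Add(10 * time.Minute), "registry.example/catalog@sha256:bbbb", "node-2"},
		{"catalog-c", "Running", false, t0.Add(20 * time.Minute), "registry.example/catalog@sha256:cccc", "node-3"},
		{"catalog-d", "Pending", false, time.Time{}, "", ""},
	}
}

// reversed returns a copy of pods in the opposite order.
func reversed(pods []Pod) []Pod {
	out := make([]Pod, len(pods))
	for i, p := range pods {
		out[len(pods)-1-i] = p
	}
	return out
}

func main() {
	for _, pods := range [][]Pod{samplePods(), reversed(samplePods())} {
		f, _ := firstRunning(pods)
		s, _ := selectCatalogPod(pods)
		fmt.Printf("first-running: %s (%s)  deterministic: %s (%s on %s)\n",
			f.Name, f.ImageID, s.Name, s.ImageID, s.NodeName)
	}
}
```

With the constructed pods, the first-match variant returns `catalog-a` or the not-yet-ready `catalog-c` depending on list order, while the deterministic variant returns `catalog-b` both times.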
@perdasilva perdasilva force-pushed the lifecycle-controller branch from 0299300 to ef696c5 Compare April 30, 2026 13:29

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (3)
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile (1)

2-2: Use COPY instead of ADD for the plain directory copy.

The COPY instruction is the appropriate choice for copying local directories. The ADD instruction should be reserved for remote URLs and automatic tar extraction, avoiding unintended behavior.

Suggested patch
-ADD configs /configs
+COPY configs /configs
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`
at line 2, The Dockerfile uses the ADD instruction to copy a local directory
(ADD configs /configs); replace that with the COPY instruction to avoid
unintended behavior—change the ADD configs /configs line to COPY configs
/configs in the Dockerfile so the local directory is copied plainly (no
automatic tar extraction or URL handling).
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile (1)

2-2: Use COPY instead of ADD for plain directory copy.

ADD has extra semantics (URL/tar handling) that are unnecessary here and can be surprising. Since configs is a directory, COPY is the more appropriate choice.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`
at line 2, Replace the Dockerfile ADD instruction "ADD configs /configs" with
the equivalent COPY instruction by changing it to "COPY configs /configs" so the
plain directory copy uses COPY instead of ADD; update the Dockerfile line
containing ADD configs /configs accordingly.
pkg/lifecycle-controller/controller_test.go (1)

675-688: ⚡ Quick win

Add regression coverage for stale cleanup and multi-pod selection

Current tests don’t cover two critical edge paths:

  • pre-existing lifecycle resources when Line 130 returns with no imageRef, and
  • multiple running catalog pods requiring deterministic selection.

Adding these cases will lock in behavior and prevent regressions once controller fixes land.

Also applies to: 867-930

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller_test.go` around lines 675 - 688, Add two
tests to controller_test.go using the existing helpers (newCatalogSource,
testClientBuilder, testReconciler) that call r.Reconcile(ctx, ctrl.Request{...})
like TestReconcile_NoPodRunning: (1) create a CatalogSource with no imageRef and
pre-existing lifecycle resources (Lifecycle objects/conditions) and assert that
after Reconcile those stale lifecycle resources are removed/cleaned up and
Reconcile returns ctrl.Result{} with no error; (2) create a CatalogSource with
multiple running catalog Pods and assert the controller's deterministic
selection behavior by seeding Pods with distinct creationTimestamps/labels and
verifying Reconcile selected the expected pod (e.g., earliest CreationTimestamp
or the selection criterion implemented in Reconcile) and produced the expected
lifecycle update; use the same test helpers and assert on object
presence/absence and specific lifecycle status updates to lock in behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml`:
- Around line 39-55: The RBAC rules currently grant the overly broad "update"
verb for the lifecycle controller on resources "services", "serviceaccounts",
"networkpolicies", and "clusterrolebindings"; remove "update" from the verbs
arrays for the rules that target these resources (the entries that list
resources: ["services"], ["serviceaccounts"], ["networkpolicies"], and
["clusterrolebindings"]) so they only use the needed verbs (e.g.,
"get","list","watch","create","patch","delete") to enforce least privilege
without changing reconcile behavior.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 341-358: resourceName currently truncates long csName directly
which can make distinct CatalogSource names collide; update resourceName to
preserve uniqueness by computing a short deterministic hash when truncation is
needed: normalize csName as now, compute suffix using resourceBaseName,
determine maxPrefix for the prefix part, and if len(csName) > maxPrefix then
compute a compact hash (e.g., sha256 and hex-encode first 6 chars), trim csName
to fit maxPrefix minus len("-")+len(hash6) so you can insert "-<hash6>" before
"-"+resourceBaseName, then trim trailing "-" and return csName + "-" + hash6 +
"-" + resourceBaseName; ensure all name length checks still enforce the 63-char
limit and keep references to the resourceName function and resourceBaseName
symbol for locating the change.

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`:
- Around line 31-33: The test builds an HTTP fetch command with wget flags into
the args slice which currently includes "-S" (in the args variable assembled
with extraArgs and url), and "-S" can inject response headers into stderr that
pollutes captured logs and breaks json.Unmarshal assertions; remove the "-S"
flag from the args construction (and the other identical occurrence around lines
176-179) so args becomes []string{"-O", "/dev/stdout", "-q"} (and preserve
appending extraArgs and url), updating any test helper that assembles wget args
accordingly (locate the code that sets args, the extraArgs append sites, and the
uses that parse body to ensure they now receive clean JSON).

---

Nitpick comments:
In `@pkg/lifecycle-controller/controller_test.go`:
- Around line 675-688: Add two tests to controller_test.go using the existing
helpers (newCatalogSource, testClientBuilder, testReconciler) that call
r.Reconcile(ctx, ctrl.Request{...}) like TestReconcile_NoPodRunning: (1) create
a CatalogSource with no imageRef and pre-existing lifecycle resources (Lifecycle
objects/conditions) and assert that after Reconcile those stale lifecycle
resources are removed/cleaned up and Reconcile returns ctrl.Result{} with no
error; (2) create a CatalogSource with multiple running catalog Pods and assert
the controller's deterministic selection behavior by seeding Pods with distinct
creationTimestamps/labels and verifying Reconcile selected the expected pod
(e.g., earliest CreationTimestamp or the selection criterion implemented in
Reconcile) and produced the expected lifecycle update; use the same test helpers
and assert on object presence/absence and specific lifecycle status updates to
lock in behavior.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`:
- Line 2: The Dockerfile uses the ADD instruction to copy a local directory (ADD
configs /configs); replace that with the COPY instruction to avoid unintended
behavior—change the ADD configs /configs line to COPY configs /configs in the
Dockerfile so the local directory is copied plainly (no automatic tar extraction
or URL handling).

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`:
- Line 2: Replace the Dockerfile ADD instruction "ADD configs /configs" with the
equivalent COPY instruction by changing it to "COPY configs /configs" so the
plain directory copy uses COPY instead of ADD; update the Dockerfile line
containing ADD configs /configs accordingly.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7a9ff271-0670-4015-a8af-f3a500641768

📥 Commits

Reviewing files that changed from the base of the PR and between 0299300 and 3f14838.

⛔ Files ignored due to path filters (262)
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenrequiredclaim.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/updatehistory.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameprefix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultauthentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultconfigmapreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultsecretreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainhostgroup.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainregionaffinity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainzoneaffinity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformfailuredomainspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworking.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworkingspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformvcenterspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/webhooktokenauthenticator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagerconfig.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (32)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • scripts/generate_crds_manifests.sh
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json
✅ Files skipped from review due to trivial changes (12)
  • operator-lifecycle-manager.Dockerfile
  • cmd/lifecycle-controller/main.go
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • cmd/lifecycle-controller/util.go
  • pkg/lifecycle-controller/tls_test.go
  • microshift-manifests/kustomization.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • pkg/lifecycle-controller/TODO.md
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • go.mod
🚧 Files skipped from review as they are similar to previous changes (7)
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • Makefile
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml

Comment thread manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml Outdated
Comment thread pkg/lifecycle-controller/controller.go
Comment thread staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go Outdated
@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 30, 2026
@perdasilva perdasilva force-pushed the lifecycle-controller branch 6 times, most recently from 2f555a5 to 6ef40ba Compare April 30, 2026 14:29
@openshift-ci openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 30, 2026
@perdasilva
Contributor Author

@coderabbitai resume


@coderabbitai coderabbitai Bot left a comment


🧹 Nitpick comments (7)
microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml (1)

62-63: 💤 Low value

Verify GOMEMLIMIT of 5MiB is sufficient for the lifecycle-controller.

The GOMEMLIMIT=5MiB is quite low for a controller-runtime based application. While the memory request is 10Mi, controller-runtime's informer caches can grow depending on the number of watched objects (CatalogSources, Pods, Deployments, etc.). If the cluster has many catalog sources or resources, GC pressure could become significant.

Consider monitoring memory usage in practice or increasing to a more comfortable threshold (e.g., 8MiB or matching the request).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`
around lines 62 - 63, The GOMEMLIMIT environment variable for the
lifecycle-controller is set to an unusually low "5MiB"; update the container's
env entry (GOMEMLIMIT) in the lifecycle-controller deployment manifest to a
higher, safer value such as "8MiB" or one that matches the memory request (e.g.,
"10MiB") to reduce GC pressure for controller-runtime informer caches and
monitor memory usage after deployment.
pkg/lifecycle-controller/controller_test.go (1)

168-172: 💤 Low value

Test case "distinct long names produce different results" is self-referential.

The expected value calls resourceName(...) with the same input as the test, which makes this test case a tautology—it will always pass regardless of implementation correctness. Consider using a pre-computed expected value instead.

However, the actual collision prevention is validated in TestResourceName_NoCollision (Lines 184-190), which correctly tests two distinct long names produce different outputs. This test case appears to be a placeholder for documenting the pattern rather than a strict assertion.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller_test.go` around lines 168 - 172, The test
case named "distinct long names produce different results" is tautological
because it computes expected by calling resourceName on the same input; change
it to assert against a concrete, precomputed expected string instead of calling
resourceName(input). Locate the test case in controller_test.go and replace
expected:
resourceName("this-is-a-very-long-catalog-source-name-that-exceeds-the-dns-xxxxx")
with the actual expected resource name value (the precomputed hashed/truncated
result your resourceName implementation should produce) so the test fails if
resourceName regresses; keep the test name and input unchanged and only modify
the expected value to a constant string.
pkg/lifecycle-controller/controller.go (1)

726-741: 💤 Low value

TLS profile change handler logs error but returns nil, silently dropping the requeue.

When listing CatalogSources fails in the TLS change handler (Line 730-733), the error is logged but the function returns nil, meaning no reconciliation requests are enqueued. A transient API server error during TLS profile changes could leave lifecycle-server deployments running with stale TLS configurations until the next unrelated reconcile.

Consider returning a sentinel request that triggers a delayed requeue, or relying on the periodic resync if that's acceptable for TLS propagation latency.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 726 - 741, The
TLS-profile change handler currently logs errors from mgr.GetClient().List but
returns nil, dropping reconciliation; modify the TypedEnqueueRequestsFromMapFunc
handler (the closure passed to source.Channel(tlsProfileChan,
handler.TypedEnqueueRequestsFromMapFunc(...))) so that when
mgr.GetClient().List(ctx, &catalogSources) returns an error you return a
sentinel reconcile.Request to force a retry (e.g., a single request that will
requeue the controller instead of an empty slice), and keep r.Log.Error(...) for
visibility; ensure you still return the full list of reconcile.Request for the
successful-list path so CatalogSource objects are enqueued as before.
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile (2)

3-3: ⚡ Quick win

Pin the base image to an immutable digest instead of :latest.

Using :latest makes test behavior drift over time and can cause non-reproducible CI results.

Proposed change
-FROM quay.io/operator-framework/opm:latest
+FROM quay.io/operator-framework/opm@sha256:<resolved-digest>
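Review bot: the `+FROM` line is not buildable as written, since `<resolved-digest>` is a placeholder rather than a sha256 value; resolve the digest for the tag that was actually tested and commit that. A comment above the `FROM` recording which tag the digest was resolved from would make later refreshes of the pin reviewable.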
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile`
at line 3, The Dockerfile currently uses a floating tag "FROM
quay.io/operator-framework/opm:latest"; change this to a pinned immutable digest
by replacing that FROM line with the same image referenced by its sha256 digest
(e.g., quay.io/operator-framework/opm@sha256:...) so the base image is fixed and
CI/tests are reproducible—update the FROM instruction in the Dockerfile
accordingly and commit the pinned digest.

3-15: ⚡ Quick win

Set an explicit non-root runtime user.

Please set USER explicitly so this image remains compliant with restricted policies even if base-image defaults change.

Proposed change
 FROM quay.io/operator-framework/opm:latest
@@
 RUN ["/bin/opm", "serve", "/configs", "--cache-dir=/tmp/cache", "--cache-only"]
+USER 65532:65532
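Review bot: `USER 65532:65532` is added after the `RUN` that runs `opm serve /configs --cache-dir=/tmp/cache --cache-only`, so the cache is written by whatever user the base image builds as, and nothing in this hunk makes `/tmp/cache` or `/configs` accessible to uid 65532. Either adjust ownership of those paths in the build step or confirm they are readable by the runtime uid before switching. The accompanying prompt text suggests uid 1000 or 65534 while the hunk uses 65532; settle on one value.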
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile`
around lines 3 - 15, The image lacks an explicit non-root runtime user: add a
USER instruction with a non-root uid/gid (e.g., 1000 or 65534) after the file
setup steps and before runtime execution, and update the Dockerfile so the
created runtime user can access the copied files by chown-ing /configs and the
cache dir in the RUN stage (ensure permissions for /tmp/cache and /configs);
keep ENTRYPOINT ["/bin/opm"], CMD ["serve"...] and the LABEL unchanged so the
container runs as the non-root user.
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json (1)

1-3: ⚡ Quick win

Exclude NDJSON catalog fixtures from strict single-JSON linting.

This fixture is newline-delimited JSON records, so strict JSON parsers (like Biome in single-document mode) will keep flagging parse errors. Consider excluding this path from that rule (or treating these fixtures as JSONL) to avoid noisy failures.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json`
around lines 1 - 3, This NDJSON fixture contains newline-delimited JSON records
(schemas "olm.package", "olm.channel", "olm.bundle") and should be excluded from
strict single-JSON linting; update the lint configuration (or Biome rule set) to
either treat these catalog fixtures as JSONL or add a rule/ignore entry that
excludes files matching this catalog pattern (the catalog.json NDJSON fixture
containing entries with "olm.package"/"olm.channel"/"olm.bundle") so the linter
no longer enforces single-document JSON parsing on these fixtures.
pkg/lifecycle-server/fbc.go (1)

117-123: ⚡ Quick win

Return lifecycle versions in deterministic order.

ListVersions() currently depends on map iteration order, which is nondeterministic. Sorting here avoids unstable logs and caller behavior.

♻️ Proposed fix
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"os"
 	"regexp"
+	"sort"
 	"sync"
@@
 func (index LifecycleIndex) ListVersions() []string {
 	versions := make([]string, 0, len(index))
 	for v := range index {
 		versions = append(versions, v)
 	}
+	sort.Strings(versions)
 	return versions
 }
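Review bot: `sort.Strings(versions)` gives a stable order but a lexical one, so keys that differ in digit count (for example `v10` and `v2`) would not come back in version order. If callers only need determinism, state that in a doc comment on `ListVersions`; if any caller expects version ordering, this needs a version-aware comparison instead.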
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-server/fbc.go` around lines 117 - 123, ListVersions currently
returns map keys in nondeterministic order; modify LifecycleIndex.ListVersions
to produce a deterministic sorted slice by collecting keys into versions and
calling sort.Strings(versions) before returning. Update the function that builds
versions (ListVersions) and import the sort package if missing so callers
receive a stable, sorted list of lifecycle versions.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 77cec337-9795-4712-9959-918696786f17

📥 Commits

Reviewing files that changed from the base of the PR and between 777565f and af2591a.

⛔ Files ignored due to path filters (224)
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customfeaturegates.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/deprecatedwebhooktokenauthenticator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dns.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnszone.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/equinixmetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalipconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalippolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/extramapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateattributes.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatedetails.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateselection.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/githubidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gitlabidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/googleidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/htpasswdidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsource.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsourcestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityproviderconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/image.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagelabel.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructure.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingress.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/keystoneidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kubevirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapattributemapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/loadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/maxagepolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigration.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigrationvalues.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/network.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnostics.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticssourceplacement.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticstargetplacement.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkmigration.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/node.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixfailuredomain.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismelementendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixresourceidentifier.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauth.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthremoteconnectioninfo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthtemplates.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/objectreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openidclaims.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openididentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operandversion.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhub.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/pkicertificatesubject.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyfulciosubject.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyidentity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchexactrepository.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchremapidentity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/project.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/projectspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/promqlclustercondition.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxystatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrylocation.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/release.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/repositorydigestmirrors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requestheaderidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requiredhstspolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/scheduler.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/secretnamereference.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (37)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • cmd/lifecycle-server/main.go
  • cmd/lifecycle-server/start.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • pkg/lifecycle-server/fbc.go
  • pkg/lifecycle-server/fbc_test.go
  • pkg/lifecycle-server/server.go
  • pkg/lifecycle-server/server_test.go
  • scripts/generate_crds_manifests.sh
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json
✅ Files skipped from review due to trivial changes (10)
  • cmd/lifecycle-server/main.go
  • operator-lifecycle-manager.Dockerfile
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
  • microshift-manifests/kustomization.yaml
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
  • pkg/lifecycle-controller/TODO.md
🚧 Files skipped from review as they are similar to previous changes (10)
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • pkg/lifecycle-server/fbc_test.go
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • cmd/lifecycle-server/start.go
  • pkg/lifecycle-server/server.go
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • Makefile
  • go.mod
  • scripts/generate_crds_manifests.sh

@perdasilva force-pushed the lifecycle-controller branch 11 times, most recently from f05c3fc to 4eac709, May 6, 2026 14:30
@perdasilva
Contributor Author

@coderabbitai resume

@coderabbitai

coderabbitai Bot commented May 6, 2026

No description provided.

@coderabbitai

coderabbitai Bot commented May 6, 2026

✅ Actions performed

Reviews resumed.

@perdasilva
Contributor Author

/unhold

@openshift-ci Bot removed the do-not-merge/hold label, May 6, 2026
@perdasilva force-pushed the lifecycle-controller branch from 4eac709 to 5ec530e, May 6, 2026 15:25
@perdasilva
Contributor Author

/retest

@perdasilva force-pushed the lifecycle-controller branch from 5ec530e to 3491ce7, May 7, 2026 07:18
@openshift-ci Bot added the needs-rebase label, May 7, 2026

Bumps vendored dependencies to compatible versions:
- openshift/api v0.0.0-20260429211050
- openshift/library-go v0.0.0-20260213153706

Removes the controller-runtime-common replace directive by using
the published openshift/controller-runtime-common module directly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@perdasilva force-pushed the lifecycle-controller branch from 3491ce7 to ec7e58a, May 7, 2026 15:11
@openshift-ci Bot removed the needs-rebase label, May 7, 2026
@perdasilva
Contributor Author

/retest

@perdasilva force-pushed the lifecycle-controller branch from ec7e58a to 6a41470, May 8, 2026 14:43

Introduces a lifecycle-controller that watches CatalogSources and manages
per-catalog lifecycle-server deployments. For each matching CatalogSource
with a running pod, the controller creates a Deployment, ServiceAccount,
Service, and NetworkPolicy using server-side apply, and maintains a shared
ClusterRoleBinding across all lifecycle-server instances.

Key components:
- cmd/lifecycle-controller: CLI entrypoint with TLS profile watching,
  leader election, metrics serving, and health/readiness probes
- pkg/lifecycle-controller: Reconciler with SSA-based resource management,
  thread-safe TLS config provider, and catalog pod image extraction
- RBAC, Deployment, Service, NetworkPolicy manifests for build/deployment
  (gated behind TechPreviewNoUpgrade)

Also vendors controller-runtime-common for OpenShift TLS profile support.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@perdasilva force-pushed the lifecycle-controller branch from 6a41470 to 756628f, May 8, 2026 14:45
@openshift-ci
Contributor

openshift-ci Bot commented May 8, 2026

@perdasilva: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-gcp-olm | 756628f | link | true | /test e2e-gcp-olm |


@rashmigottipati
Member

/test e2e-gcp-olm

Labels

approved: Indicates a PR has been approved by an approver from all required OWNERS files.
jira/valid-reference: Indicates that this PR references a valid Jira ticket of any type.
