Skip to content

OPRUN-4544,OPRUN-4542: add lifecycle-controller for managing catalog lifecycle pods#1285

Open
perdasilva wants to merge 2 commits intoopenshift:mainfrom
perdasilva:lifecycle-controller
Open

OPRUN-4544,OPRUN-4542: add lifecycle-controller for managing catalog lifecycle pods#1285
perdasilva wants to merge 2 commits intoopenshift:mainfrom
perdasilva:lifecycle-controller

Conversation

@perdasilva
Copy link
Copy Markdown
Contributor

@perdasilva perdasilva commented Apr 30, 2026
edited
Loading

Summary

Introduces a lifecycle-controller that watches CatalogSources and manages per-catalog lifecycle-server deployments with their supporting infrastructure. Manifests and deployment configuration are tracked in a separate PR.

For each matching CatalogSource with a running catalog pod, the controller creates a Deployment, ServiceAccount, Service, and NetworkPolicy using server-side apply. A shared ClusterRoleBinding aggregates all lifecycle-server ServiceAccounts and is reconciled on every change. Namespace-scoped resources are cleaned up automatically via Kubernetes garbage collection (owner references); the ClusterRoleBinding — which cannot use owner references across scope boundaries — is maintained through a finalizer on matching CatalogSources.

Resource lifecycle

  • Finalizers are only added to CatalogSources that match the configured label/field selectors; uses MergeFrom patch instead of full object Update to avoid conflict errors from concurrent metadata changes
  • If a CatalogSource stops matching (e.g., label change), the finalizer is removed and the CRB is reconciled
  • On deletion, reconcileClusterRoleBinding skips CatalogSources with a DeletionTimestamp set, ensuring the subject is removed during the finalizer flow rather than relying solely on GC timing
  • As a safety net, the NotFound path also triggers CRB reconciliation to clean up any stale subjects after GC deletes owned ServiceAccounts

Operational details

  • Readiness gating: readyz check blocks until informer caches have synced, preventing premature traffic routing
  • Cache scoping: CatalogSource informer is restricted by the --catalog-source-field-selector flag (typically metadata.namespace=openshift-marketplace), reducing memory footprint on clusters with many CatalogSources
  • Memory limits: 200Mi on dynamically created lifecycle-server deployments (complementing GOMEMLIMIT soft cap of 50MiB)
  • Non-blocking TLS channel: the TLS profile change callback uses select/default to avoid blocking if events are not consumed fast enough; dropped events are harmless since the TLSConfigProvider is already updated and the next reconciliation picks up the current config
  • Collision resistance: resource name hash uses 8 hex characters (32-bit), providing a collision threshold of ~65K truncated names

Commits

  1. vendor: update openshift/api and openshift/library-go — vendored dependencies for TLS profile support
  2. feat: add lifecycle-controller for managing catalog lifecycle pods — controller code, unit tests, Makefile, Dockerfile

Key Components

  • cmd/lifecycle-controller/ — CLI entrypoint with TLS profile watching, leader election, metrics serving with authn/authz, health/readiness probes
  • pkg/lifecycle-controller/controller.go — SSA-based reconciler: creates/updates lifecycle-server resources per CatalogSource, manages shared ClusterRoleBinding, relies on owner references for GC-based cleanup
  • pkg/lifecycle-controller/tls.go — Thread-safe TLS config provider that dynamically updates when the cluster TLS profile changes

Created Resources (per CatalogSource)

Resource Scope Cleanup Purpose
ServiceAccount Namespace Owner ref GC Identity for lifecycle-server pods
Deployment Namespace Owner ref GC Runs lifecycle-server with OCI image volume (catalog data)
Service Namespace Owner ref GC Exposes API on 8443; serving-cert-secret-name triggers cert generation
NetworkPolicy Namespace Owner ref GC Ingress: 8443; Egress: API server (6443) + DNS (53/5353)
ClusterRoleBinding Cluster Finalizer Binds all lifecycle-server SAs to the static ClusterRole

Test plan

  • Unit tests (33 tests): resource name generation, reconciliation lifecycle, CRB management, deployment spec, TLS provider, predicates, mapping functions, error paths, idempotency, concurrent TLS access
  • Manual validation on live OCP cluster
  • E2E tests (follow-up PR, OTE under test-extension)
  • go build ./cmd/lifecycle-controller/... succeeds
  • go test ./pkg/lifecycle-controller/... passes (33/33)

🤖 Generated with Claude Code

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 30, 2026
edited
Loading

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

Adds a lifecycle-controller and lifecycle-server: new CLIs and managers, a controller that watches CatalogSources and provisions per-catalog lifecycle-server workloads, a lifecycle-server that indexes/serves FBC lifecycle JSON, TLS/profile support, manifests, RBAC, build wiring, and extensive unit and E2E tests.

Changes

Lifecycle controller + lifecycle server feature

Layer / File(s) Summary
Data Shape & Indexing
pkg/lifecycle-server/fbc.go		 Adds LifecycleIndex and LoadLifecycleData to walk FBC JSON blobs, index by schema version and package, and helpers CountBlobs/CountPackages/ListVersions.
Core Server Handlers
pkg/lifecycle-server/server.go		 Adds NewHandler and NewHealthHandler serving /api/{version}/lifecycles/{package} and /healthz,/readyz using LifecycleIndex.
Server FBC Tests
pkg/lifecycle-server/fbc_test.go, pkg/lifecycle-server/server_test.go		 Comprehensive tests for schema regex, LoadLifecycleData behaviors, indexing helpers, routing, concurrency, and byte-for-byte blob retention.
Controller Core Logic
pkg/lifecycle-controller/controller.go		 Adds LifecycleServerReconciler: match CatalogSources, select catalog pod (image digest/node), build/apply per-catalog ServiceAccount/Service/Deployment/NetworkPolicy, manage shared ClusterRoleBinding subjects, and cleanup logic; label/selector predicates and mapping helpers.
Controller Unit & Integration Tests
pkg/lifecycle-controller/controller_test.go		 Large test suite covering name hashing, image digest extraction, affinity, builders (Service/SA/Deployment/NetworkPolicy), reconcile flows (create, update, cleanup), ClusterRoleBinding behavior, event predicates, and error propagation.
TLS Provider
pkg/lifecycle-controller/tls.go, pkg/lifecycle-controller/tls_test.go		 Adds concurrency-safe TLSConfigProvider with Get/UpdateProfile, cloned tls.Config returns, GetCertificate callback wiring, and concurrency tests.
Controller CLI & Manager
cmd/lifecycle-controller/main.go, cmd/lifecycle-controller/start.go, cmd/lifecycle-controller/util.go		 New Cobra CLI and start logic: parse flags, build manager with secure metrics using TLSConfigProvider, scoped cache, optional TLSProfile watcher, and register LifecycleServerReconciler; scheme and catalog-pod selector helpers.
Server CLI & Runtime
cmd/lifecycle-server/main.go, cmd/lifecycle-server/start.go		 New Cobra CLI and start logic: parse FBC path and TLS flags, dynamic cert reloading, build authn/authz filter, load lifecycle data, run HTTPS API and plain health servers with graceful context shutdown.
Build & Module Wiring
Makefile, go.mod, operator-lifecycle-manager.Dockerfile		 Adds LIFECYCLE_CONTROLLER_CMD/LIFECYCLE_SERVER_CMD build targets in Makefile; go.mod dependency updates and replace directive; Dockerfile copies both runtime binaries into image.
Manifest Generation & Kustomize
scripts/generate_crds_manifests.sh, microshift-manifests/kustomization.yaml		 Extend manifest generator and microshift kustomization to include lifecycle-controller/server artifacts.
Kubernetes Manifests
manifests/0000_50_olm_08-lifecycle-controller.*, manifests/0000_50_olm_09-lifecycle-server.rbac.yaml, microshift-manifests/...		 Adds lifecycle-controller Deployment, Service, NetworkPolicy, ClusterRole/ClusterRoleBinding/ServiceAccount, and lifecycle-server ClusterRole for kube-rbac-proxy token/subjectaccessreviews; microshift variants included.
E2E Tests & Test Images
staging/operator-lifecycle-manager/test/e2e/*, staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/*, pkg/lifecycle-controller/TODO.md		 Adds Ginkgo E2E suites for controller and server verification (reconciliation, API responses, health, auth behavior), test image Dockerfiles, catalogs, build helper script, and E2E TODO checklist.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant CatalogSource as CatalogSource (CR)
    participant Controller as lifecycle-controller
    participant KubeAPI as Kubernetes API
    participant CatalogPod as Catalog Pod
    participant TLSProfile as Apiserver TLSProfile
    participant TLSProv as TLSConfigProvider
    participant LifecycleDep as Lifecycle Deployment (per-catalog)
    participant LifecycleSvc as lifecycle-server Pod
    participant Client as Client

    CatalogSource->>KubeAPI: create/update CatalogSource
    KubeAPI->>Controller: watch event
    Controller->>KubeAPI: list/watch Pods (olm.catalogSource selector)
    KubeAPI->>CatalogPod: return matching pods
    Controller->>CatalogPod: inspect status, image digest, node
    Controller->>KubeAPI: apply per-catalog ServiceAccount/Service/Deployment/NetworkPolicy
    Controller->>KubeAPI: update shared ClusterRoleBinding subjects
    TLSProfile->>Controller: notify TLS profile change (optional)
    Controller->>TLSProv: UpdateProfile(newSpec)
    TLSProv->>LifecycleDep: provide tls.Config with GetCertificate
    LifecycleDep->>LifecycleSvc: lifecycle-server starts and serves API over TLS
    Client->>LifecycleSvc: HTTPS GET /api/{version}/lifecycles/{package}
    LifecycleSvc->>LifecycleSvc: lookup LifecycleIndex and respond (200/404/503)
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

@perdasilva
Copy link
Copy Markdown
Contributor Author

perdasilva commented Apr 30, 2026

/hold this one should come after #1284

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 30, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Apr 30, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: perdasilva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 30, 2026
@perdasilva perdasilva changed the title feat: add lifecycle-controller for managing catalog lifecycle pods OPRUN-4544,OPRUN-4542: add lifecycle-controller for managing catalog lifecycle pods Apr 30, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Apr 30, 2026
edited by openshift-ci Bot
Loading

@perdasilva: This pull request references OPRUN-4544 which is a valid jira issue.

This pull request references OPRUN-4542 which is a valid jira issue.

Details

In response to this:

Summary

  • Introduces a lifecycle-controller that watches CatalogSources and manages per-catalog lifecycle-server deployments
  • For each matching CatalogSource with a running pod, the controller creates a Deployment, ServiceAccount, Service, and NetworkPolicy using server-side apply
  • Maintains a shared ClusterRoleBinding across all lifecycle-server instances
  • Watches the OpenShift APIServer TLS security profile and triggers rolling restarts of lifecycle-server deployments when it changes
  • Includes RBAC, Deployment, Service, NetworkPolicy manifests gated behind TechPreviewNoUpgrade
  • Depends on OPRUN-4541,OPRUN-4544: add lifecycle-server for serving FBC catalog lifecycle metadata #1284 (lifecycle-server)

Key Components

  • cmd/lifecycle-controller/ — CLI entrypoint with TLS profile watching, leader election, metrics serving with authn/authz, health/readiness probes
  • pkg/lifecycle-controller/controller.go — SSA-based reconciler: creates/updates/deletes lifecycle-server resources per CatalogSource, manages shared ClusterRoleBinding
  • pkg/lifecycle-controller/tls.go — Thread-safe TLS config provider that dynamically updates when the cluster TLS profile changes
  • manifests/ and microshift-manifests/ — Deployment, RBAC, Service, NetworkPolicy manifests

Test plan

  • Unit tests for resource name generation including truncation, empty names, special characters (TestResourceName)
  • Unit tests for full reconciliation lifecycle: create, update, delete, selector filtering (TestReconcile*)
  • Unit tests for ClusterRoleBinding reconciliation with multiple CatalogSources (TestReconcileClusterRoleBinding*)
  • Unit tests for deployment spec generation including probes, security context, volumes, TLS args (TestBuildDeployment*)
  • Unit tests for TLS config provider: thread safety, profile updates, certificate preservation (TestTLSConfigProvider*)
  • Unit tests for pod-to-CatalogSource mapping and predicates (TestMapPodToCatalogSource, TestCatalogPodPredicate)
  • go build ./cmd/lifecycle-controller/... succeeds
  • go test ./pkg/lifecycle-controller/... passes
  • go mod verify clean

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features

  • Introduced lifecycle-controller and lifecycle-server components as new OLM deployments with health and metrics endpoints

  • Added HTTP API for querying lifecycle catalog information by version and package

  • Configured TLS, RBAC, and NetworkPolicy security controls for the new components

  • Documentation

  • Added end-to-end test scenario outline for lifecycle controller validation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Apr 30, 2026
coderabbitai[bot]
coderabbitai Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🧹 Nitpick comments (4)
pkg/lifecycle-controller/controller.go (2)

341-358: 💤 Low value

Consider defensive validation for edge cases in resourceName.

While CatalogSource names must be valid Kubernetes object names (and thus DNS-compliant), the transformation could theoretically produce an invalid DNS label in edge cases:

  • Input "...""---""" after TrimRight → "-lifecycle-server" (starts with hyphen)
  • Input "123""123-lifecycle-server" (starts with digit, technically invalid for DNS subdomain)

In practice, CatalogSource names follow Kubernetes naming rules, making these cases unlikely. However, adding a simple validation or using strings.TrimLeft(csName, "-") after processing would be more defensive.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 341 - 358, Update
resourceName to defensively remove leading hyphens and ensure the final label
starts with a letter: after the existing TrimRight(csName, "-") call, add
strings.TrimLeft(csName, "-") to remove leading dashes, and if csName is empty
set csName = "a" (or otherwise ensure it will not be empty before appending the
suffix). Also, if the first rune of csName is not a lowercase letter (e.g., it
starts with a digit), prefix it with "a" so the final value (csName + "-" +
resourceBaseName) begins with a letter; adjust truncation logic if necessary so
the combined length still respects maxPrefix. Reference: function resourceName
and constant resourceBaseName.

696-710: 💤 Low value

TLS profile change handler swallows list error.

When listing CatalogSources fails (line 699), the error is logged but the function returns nil, causing no reconciliation requests to be enqueued. This silently drops the TLS profile update. Consider returning an error or implementing retry logic.

Note: The current behavior may be intentional since individual CatalogSources will eventually reconcile on their own triggers, picking up the new TLS config. However, this could delay TLS profile propagation.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 696 - 710, The handler
passed to bldr.WatchesRawSource (handler.TypedEnqueueRequestsFromMapFunc)
currently swallows errors from mgr.GetClient().List and returns nil, dropping
the TLS profile update; change the map func to accept the full
configv1.TLSProfile object (rather than TLSProfileSpec) so you can return a
reconcile.Request that requeues the TLSProfile itself when mgr.GetClient().List
fails (use client.ObjectKeyFromObject on the TLSProfile param), and keep the
original behavior of returning CatalogSource requests on success; update the
TypedEnqueueRequestsFromMapFunc signature and its callers accordingly and ensure
r.Log.Error still logs the error.
pkg/lifecycle-controller/controller_test.go (1)

108-163: 💤 Low value

Good test coverage for resourceName - consider adding edge case tests.

The test cases cover common scenarios well (special characters, truncation, trailing hyphens). Consider adding tests for edge cases that could produce invalid DNS labels:

  • Input containing only special characters (e.g., "..." or "___")
  • Input starting with digits after transformation

These are unlikely in practice but would document the function's behavior boundaries.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller_test.go` around lines 108 - 163, Add
tests in TestResourceName to cover edge cases where the input is only special
characters (e.g., "..." or "___") and where the transformed name starts with
digits; call resourceName with these inputs and assert the returned string
respects DNS label rules (lowercase, hyphens only, no leading/trailing hyphen,
max 63 chars) and matches the expected output you decide (e.g., suffix-only
"lifecycle-server" or a cleaned name that does not start with a digit). Use the
same t.Run structure and require assertions (require.Equal and
require.LessOrEqual) so TestResourceName continues to validate length and exact
output for these edge-case inputs.
cmd/lifecycle-controller/start.go (1)

204-209: 💤 Low value

Add logging when falling back to default TLS profile.

When FetchAPIServerTLSProfile fails, the function silently returns the default profile with EnableTLSProfileWatcher = false. This hides potential configuration issues. Consider logging the error to aid debugging.

Proposed fix 
 func getInitialTLSProfile(ctx context.Context, restConfig *rest.Config, sch *runtime.Scheme) (configv1.TLSProfileSpec, bool, error) {
 	cl, err := client.New(restConfig, client.Options{Scheme: sch})
 	if err != nil {
 		return configv1.TLSProfileSpec{}, false, fmt.Errorf("failed to create client: %w", err)
 	}
 	initialTLSProfileSpec, err := tlsutil.FetchAPIServerTLSProfile(ctx, cl)
 	if err != nil {
+		klog.V(2).Info("unable to fetch APIServer TLS profile, using default", "error", err)
 		return *configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil
 	}
 	return initialTLSProfileSpec, true, nil
 }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@cmd/lifecycle-controller/start.go` around lines 204 - 209, When
tlsutil.FetchAPIServerTLSProfile(ctx, cl) returns an error, add a log statement
that records the error and context before returning the default profile;
specifically, log the error (e.g., using klog.Errorf or the controller's logger)
inside the error branch that currently returns
*configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil so callers still
get the default profile and EnableTLSProfileWatcher=false but the failure is
visible for debugging.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 254: The replace directive referencing
github.com/joelanford/controller-runtime-common with pseudo-version ending in
afe447e6c57e is incorrect because that commit exists only in upstream
openshift/controller-runtime-common; either change the replace to point to the
upstream module (github.com/openshift/controller-runtime-common) at the
PR/commit that contains afe447e6c57e, or update the fork
(github.com/joelanford/controller-runtime-common) to include that commit and
re-generate the pseudo-version; also add a clear comment in go.mod next to the
replace indicating this is a temporary override and include a planned removal
date or ticket reference so the replace can be removed once the correct upstream
release is available.

In `@manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`:
- Around line 62-67: The GOMEMLIMIT env var is set to an unreasonably low "5MiB"
causing excessive GC; update the GOMEMLIMIT value (env name GOMEMLIMIT) to a
realistic budget aligned with the controller pod memory (e.g., match
resources.requests.memory and resources.limits.memory — raise requests.memory
from 10Mi to a sensible value such as 128Mi and set a corresponding
resources.limits.memory), and apply the same GOMEMLIMIT and resource changes to
the mirrored microshift deployment manifests so both deployments use the same
memory budget.

In `@manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml`:
- Around line 20-32: The NetworkPolicy egress currently only restricts ports
(egress block listing ports 6443, 53, 5353) which allows traffic to any
destination; update the egress rules to include explicit "to" selectors for each
destination: add a rule targeting the API server endpoint (e.g., the cluster API
server IP or service via an ipBlock or a namespaceSelector/podSelector for
kube-system/kube-apiserver) for port 6443, and rules targeting the cluster DNS
service (kube-dns or coredns Service IP or selector) for ports 53 and 5353 (both
TCP/UDP as appropriate), ensuring each egress entry pairs its ports with the
correct "to" clause to enforce least privilege.

In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml`:
- Around line 20-32: The egress rules currently allow wide-open access to ports
6443, 53 and 5353; constrain them by adding "to" destination selectors for each
port group: for the API server egress (port 6443) add a "to" that targets the
API server endpoints (e.g., podSelector or namespaceSelector that matches the
control-plane/apiserver pods or the API server Service endpoints) and for DNS
egress (ports 53 and 5353) add a "to" that targets DNS backends (e.g.,
podSelector matching app: coredns or k8s-app: kube-dns or the cluster DNS
Service endpoints); update the egress entries around the port lists (ports: 6443
/ ports: 53,5353) to include the corresponding "to" blocks so traffic is limited
to the API server and DNS targets only.

In `@scripts/generate_crds_manifests.sh`:
- Around line 763-766: The RBAC block that manages lifecycle-server
clusterrolebindings currently includes the "delete" verb for resource
"clusterrolebindings"; remove "delete" from the verbs list (leave "get", "list",
"watch", "create", "update", "patch") so the reconciler can manage/apply CRBs
but cannot delete them, tightening permissions for the lifecycle-server
clusterrolebindings entry that references "clusterrolebindings".

---

Nitpick comments:
In `@cmd/lifecycle-controller/start.go`:
- Around line 204-209: When tlsutil.FetchAPIServerTLSProfile(ctx, cl) returns an
error, add a log statement that records the error and context before returning
the default profile; specifically, log the error (e.g., using klog.Errorf or the
controller's logger) inside the error branch that currently returns
*configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil so callers still
get the default profile and EnableTLSProfileWatcher=false but the failure is
visible for debugging.

In `@pkg/lifecycle-controller/controller_test.go`:
- Around line 108-163: Add tests in TestResourceName to cover edge cases where
the input is only special characters (e.g., "..." or "___") and where the
transformed name starts with digits; call resourceName with these inputs and
assert the returned string respects DNS label rules (lowercase, hyphens only, no
leading/trailing hyphen, max 63 chars) and matches the expected output you
decide (e.g., suffix-only "lifecycle-server" or a cleaned name that does not
start with a digit). Use the same t.Run structure and require assertions
(require.Equal and require.LessOrEqual) so TestResourceName continues to
validate length and exact output for these edge-case inputs.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 341-358: Update resourceName to defensively remove leading hyphens
and ensure the final label starts with a letter: after the existing
TrimRight(csName, "-") call, add strings.TrimLeft(csName, "-") to remove leading
dashes, and if csName is empty set csName = "a" (or otherwise ensure it will not
be empty before appending the suffix). Also, if the first rune of csName is not
a lowercase letter (e.g., it starts with a digit), prefix it with "a" so the
final value (csName + "-" + resourceBaseName) begins with a letter; adjust
truncation logic if necessary so the combined length still respects maxPrefix.
Reference: function resourceName and constant resourceBaseName.
- Around line 696-710: The handler passed to bldr.WatchesRawSource
(handler.TypedEnqueueRequestsFromMapFunc) currently swallows errors from
mgr.GetClient().List and returns nil, dropping the TLS profile update; change
the map func to accept the full configv1.TLSProfile object (rather than
TLSProfileSpec) so you can return a reconcile.Request that requeues the
TLSProfile itself when mgr.GetClient().List fails (use
client.ObjectKeyFromObject on the TLSProfile param), and keep the original
behavior of returning CatalogSource requests on success; update the
TypedEnqueueRequestsFromMapFunc signature and its callers accordingly and ensure
r.Log.Error still logs the error.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b1015d3d-9bae-4419-9199-6f68e8e99b31

📥 Commits

Reviewing files that changed from the base of the PR and between 122728c and ece75f8.

⛔ Files ignored due to path filters (6)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/modules.txt is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (29)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • cmd/lifecycle-server/main.go
  • cmd/lifecycle-server/start.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • pkg/lifecycle-server/fbc.go
  • pkg/lifecycle-server/fbc_test.go
  • pkg/lifecycle-server/server.go
  • pkg/lifecycle-server/server_test.go
  • scripts/generate_crds_manifests.sh

Comment thread go.mod Outdated
Comment thread manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml Outdated
Comment thread manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml Outdated
Comment thread microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml Outdated
Comment thread scripts/generate_crds_manifests.sh Outdated
@perdasilva perdasilva force-pushed the lifecycle-controller branch 3 times, most recently from 74f8725 to c148b33 Compare April 30, 2026 12:33
coderabbitai[bot]
coderabbitai Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

♻️ Duplicate comments (1)
go.mod (1)

254-254: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

The replace directive issue flagged in previous review remains unresolved.

As noted in the prior review, this replace directive points to a fork (joelanford/controller-runtime-common) that does not contain commit afe447e6c57e. The commit exists only in the upstream openshift/controller-runtime-common repository. This mismatch will cause module resolution failures.

Please address the previous review comment by either:

  1. Updating the replace to point to the upstream repository, or
  2. Ensuring the fork includes the required commit
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 254, The replace directive currently mapping
github.com/openshift/controller-runtime-common to
github.com/joelanford/controller-runtime-common at pseudo-version afe447e6c57e
is invalid because that fork does not contain that commit; update the go.mod
replace so the module resolution points to the upstream repo or to a fork that
actually contains commit afe447e6c57e — specifically change the replace target
from github.com/joelanford/controller-runtime-common to
github.com/openshift/controller-runtime-common (or ensure the joelanford fork is
updated to include commit afe447e6c57e) so the existing replace line and
pseudo-version resolve correctly.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@cmd/lifecycle-controller/start.go`:
- Around line 204-206: The current code in start.go masks all errors from
tlsutil.FetchAPIServerTLSProfile by unconditionally falling back to the default
profile and disabling the watcher; change the error handling so only the
specific "not found / no TLS profile configured" condition falls back: call
tlsutil.FetchAPIServerTLSProfile(ctx, cl) and if the returned error is the
sentinel/not-found condition (e.g., apierrors.IsNotFound(err) or a
tlsutil.ErrNoProfile sentinel exposed by tlsutil) then return
*configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil; for any other
error from FetchAPIServerTLSProfile return nil (or propagate the error) so
startup fails and the watcher remains active; update the branch around
initialTLSProfileSpec and its error handling accordingly.
- Around line 278-300: The TLS watcher currently sends events into an unbuffered
tlsChangeChan in setupTLSProfileWatcher which can block the OnProfileChange
callback; change tlsChangeChan to a buffered channel (e.g., make(chan
event.TypedGenericEvent[configv1.TLSProfileSpec], 1) or a small configurable
buffer) so sends in tlsChangeChan <- ... inside the OnProfileChange closure
never block the watcher or shutdown path; update any callers/consumers if they
rely on synchronous behavior.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 532-537: The egress rule added via WithEgress /
networkingv1ac.NetworkPolicyEgressRule currently only allows the backend
targetPort 6443 (specified with NetworkPolicyPort and intstr.FromInt32(6443)),
but Kubernetes services are reached via their service port (443) so
TokenReview/SAR calls will be blocked; update the NetworkPolicyPort list in the
WithEgress block (where NetworkPolicyEgressRule is built) to include a second
port entry for 443 in addition to 6443 so the policy permits traffic to
kubernetes.default.svc:443.

---

Duplicate comments:
In `@go.mod`:
- Line 254: The replace directive currently mapping
github.com/openshift/controller-runtime-common to
github.com/joelanford/controller-runtime-common at pseudo-version afe447e6c57e
is invalid because that fork does not contain that commit; update the go.mod
replace so the module resolution points to the upstream repo or to a fork that
actually contains commit afe447e6c57e — specifically change the replace target
from github.com/joelanford/controller-runtime-common to
github.com/openshift/controller-runtime-common (or ensure the joelanford fork is
updated to include commit afe447e6c57e) so the existing replace line and
pseudo-version resolve correctly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e97221ef-a124-4bdf-b6d8-66af5a489b65

📥 Commits

Reviewing files that changed from the base of the PR and between ece75f8 and 74f8725.

⛔ Files ignored due to path filters (5)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
  • vendor/modules.txt is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (25)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • scripts/generate_crds_manifests.sh
✅ Files skipped from review due to trivial changes (10)
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • pkg/lifecycle-controller/TODO.md
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • operator-lifecycle-manager.Dockerfile
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • pkg/lifecycle-controller/tls_test.go
  • scripts/generate_crds_manifests.sh
🚧 Files skipped from review as they are similar to previous changes (5)
  • microshift-manifests/kustomization.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • cmd/lifecycle-controller/util.go
  • cmd/lifecycle-controller/main.go
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml

Comment thread cmd/lifecycle-controller/start.go Outdated
Comment thread cmd/lifecycle-controller/start.go Outdated
Comment thread pkg/lifecycle-controller/controller.go
coderabbitai[bot]
coderabbitai Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 895ba5ca-03fc-4a12-890d-41282603cecd

📥 Commits

Reviewing files that changed from the base of the PR and between 74f8725 and c148b33.

⛔ Files ignored due to path filters (27)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/modules.txt is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (25)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • scripts/generate_crds_manifests.sh
✅ Files skipped from review due to trivial changes (12)
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • pkg/lifecycle-controller/TODO.md
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • pkg/lifecycle-controller/tls_test.go
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • cmd/lifecycle-controller/util.go
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • scripts/generate_crds_manifests.sh
🚧 Files skipped from review as they are similar to previous changes (5)
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • go.mod
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml

Comment thread pkg/lifecycle-controller/controller.go
@perdasilva perdasilva force-pushed the lifecycle-controller branch 2 times, most recently from 7354ff8 to 0299300 Compare April 30, 2026 13:03
coderabbitai[bot]
coderabbitai Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (2)
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile (1)

1-2: ⚡ Quick win

Prefer COPY here.

ADD is unnecessary for a local config directory and carries tar/URL semantics we don't need in this fixture.

Suggested fix 
 FROM scratch
-ADD configs /configs
+COPY configs /configs
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`
around lines 1 - 2, The Dockerfile uses "ADD configs /configs" which is
unnecessary; replace that ADD instruction with "COPY configs /configs" so the
local configs directory is copied without ADD's tar/URL behavior; update the
Dockerfile line that currently contains ADD configs /configs to use COPY instead
and keep the same destination path.
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile (1)

1-2: ⚡ Quick win

Prefer COPY here.

ADD is unnecessary for a local config directory and carries tar/URL semantics we don't need in this fixture.

Suggested fix 
 FROM scratch
-ADD configs /configs
+COPY configs /configs
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`
around lines 1 - 2, Replace the ADD instruction with COPY in the Dockerfile so
the local configs directory is copied without ADD's extra tar/URL semantics;
update the Dockerfile's second line to use COPY configs /configs (leave the FROM
scratch line unchanged) to ensure the fixture uses the simpler, more appropriate
Dockerfile directive.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`:
- Line 48: The startup argument
--catalog-source-field-selector=metadata.namespace=openshift-marketplace
hard-codes a namespace filter and prevents the lifecycle-controller from seeing
CatalogSource objects outside openshift-marketplace; remove this argument (or
replace it with a configurable value passed via an environment variable or
downward API) from the lifecycle-controller container args so the controller can
observe CatalogSources across namespaces (look for the lifecycle-controller
Deployment args list containing --catalog-source-field-selector and update it
accordingly).

In `@pkg/lifecycle-controller/controller.go`:
- Around line 151-166: The current loop returns the first running pod matching
the label which is non-deterministic; instead, filter pods to those with
Phase==corev1.PodRunning and with a Ready condition true, then choose a
deterministic candidate (for example pick the pod with the most recent
StartTime/CreationTimestamp) and return its imageID(p) and Spec.NodeName; update
the code around r.List and the loop that uses pods.Items to build a slice of
ready running pods, sort/select by pod.Status.StartTime (or CreationTimestamp)
and then call imageID(selectedPod) to return the digest and node.
- Around line 130-132: When imageRef == "" in the reconcile path (the block
around imageRef check in controller.go), instead of immediately returning,
delete any stale lifecycle-server resources (Deployment, Service,
ServiceAccount, NetworkPolicy) and remove or update the shared
ClusterRoleBinding (CRB) subject so RBAC is cleaned up, then re-sync the shared
CRB state before returning; implement or call a helper like
ensureLifecycleServerAbsent/cleanupLifecycleServerResources and a
resyncSharedCRB function from the reconcile loop (referencing imageRef,
reconcile/Reconcile method, and the ClusterRoleBinding subject handling) and
only then return ctrl.Result{}, nil (or requeue if needed).

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go`:
- Around line 224-230: The Eventually block currently treats any error from
KubernetesInterface().RbacV1().ClusterRoleBindings().Get as success by returning
true; change the logic so GET errors do not satisfy the assertion: if Get
returns a NotFound error then return true (binding gone), if Get returns any
other error return false to keep retrying, and only return true when
crbContainsSubject(crb, name, ns.Name) is false; update the anonymous func in
the Eventually call that uses lcCRBName and crbContainsSubject accordingly.

---

Nitpick comments:
In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`:
- Around line 1-2: Replace the ADD instruction with COPY in the Dockerfile so
the local configs directory is copied without ADD's extra tar/URL semantics;
update the Dockerfile's second line to use COPY configs /configs (leave the FROM
scratch line unchanged) to ensure the fixture uses the simpler, more appropriate
Dockerfile directive.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`:
- Around line 1-2: The Dockerfile uses "ADD configs /configs" which is
unnecessary; replace that ADD instruction with "COPY configs /configs" so the
local configs directory is copied without ADD's tar/URL behavior; update the
Dockerfile line that currently contains ADD configs /configs to use COPY instead
and keep the same destination path.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ed000ad1-d469-4ecf-b22b-bb6685a2913c

📥 Commits

Reviewing files that changed from the base of the PR and between c148b33 and 0299300.

⛔ Files ignored due to path filters (27)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/modules.txt is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (32)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • scripts/generate_crds_manifests.sh
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json
✅ Files skipped from review due to trivial changes (13)
  • microshift-manifests/kustomization.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • pkg/lifecycle-controller/TODO.md
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • pkg/lifecycle-controller/tls_test.go
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • cmd/lifecycle-controller/start.go
🚧 Files skipped from review as they are similar to previous changes (7)
  • operator-lifecycle-manager.Dockerfile
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • cmd/lifecycle-controller/util.go
  • cmd/lifecycle-controller/main.go
  • Makefile
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • scripts/generate_crds_manifests.sh

Comment thread microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml Outdated
Comment thread pkg/lifecycle-controller/controller.go Outdated
Comment thread pkg/lifecycle-controller/controller.go Outdated
Comment thread staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go Outdated
@perdasilva perdasilva force-pushed the lifecycle-controller branch from 0299300 to ef696c5 Compare April 30, 2026 13:29
coderabbitai[bot]
coderabbitai Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (3)
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile (1)

2-2: Use COPY instead of ADD for the plain directory copy.

The COPY instruction is the appropriate choice for copying local directories. The ADD instruction should be reserved for remote URLs and automatic tar extraction, avoiding unintended behavior.

Suggested patch 
-ADD configs /configs
+COPY configs /configs
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`
at line 2, The Dockerfile uses the ADD instruction to copy a local directory
(ADD configs /configs); replace that with the COPY instruction to avoid
unintended behavior—change the ADD configs /configs line to COPY configs
/configs in the Dockerfile so the local directory is copied plainly (no
automatic tar extraction or URL handling).
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile (1)

2-2: Use COPY instead of ADD for plain directory copy.

ADD has extra semantics (URL/tar handling) that are unnecessary here and can be surprising. Since configs is a directory, COPY is the more appropriate choice.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`
at line 2, Replace the Dockerfile ADD instruction "ADD configs /configs" with
the equivalent COPY instruction by changing it to "COPY configs /configs" so the
plain directory copy uses COPY instead of ADD; update the Dockerfile line
containing ADD configs /configs accordingly.
pkg/lifecycle-controller/controller_test.go (1)

675-688: ⚡ Quick win

Add regression coverage for stale cleanup and multi-pod selection

Current tests don’t cover two critical edge paths:

  • pre-existing lifecycle resources when Line 130 returns with no imageRef, and
  • multiple running catalog pods requiring deterministic selection.

Adding these cases will lock in behavior and prevent regressions once controller fixes land.

Also applies to: 867-930

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller_test.go` around lines 675 - 688, Add two
tests to controller_test.go using the existing helpers (newCatalogSource,
testClientBuilder, testReconciler) that call r.Reconcile(ctx, ctrl.Request{...})
like TestReconcile_NoPodRunning: (1) create a CatalogSource with no imageRef and
pre-existing lifecycle resources (Lifecycle objects/conditions) and assert that
after Reconcile those stale lifecycle resources are removed/cleaned up and
Reconcile returns ctrl.Result{} with no error; (2) create a CatalogSource with
multiple running catalog Pods and assert the controller's deterministic
selection behavior by seeding Pods with distinct creationTimestamps/labels and
verifying Reconcile selected the expected pod (e.g., earliest CreationTimestamp
or the selection criterion implemented in Reconcile) and produced the expected
lifecycle update; use the same test helpers and assert on object
presence/absence and specific lifecycle status updates to lock in behavior.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml`:
- Around line 39-55: The RBAC rules currently grant the overly broad "update"
verb for the lifecycle controller on resources "services", "serviceaccounts",
"networkpolicies", and "clusterrolebindings"; remove "update" from the verbs
arrays for the rules that target these resources (the entries that list
resources: ["services"], ["serviceaccounts"], ["networkpolicies"], and
["clusterrolebindings"]) so they only use the needed verbs (e.g.,
"get","list","watch","create","patch","delete") to enforce least privilege
without changing reconcile behavior.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 341-358: resourceName currently truncates long csName directly
which can make distinct CatalogSource names collide; update resourceName to
preserve uniqueness by computing a short deterministic hash when truncation is
needed: normalize csName as now, compute suffix using resourceBaseName,
determine maxPrefix for the prefix part, and if len(csName) > maxPrefix then
compute a compact hash (e.g., sha256 and hex-encode first 6 chars), trim csName
to fit maxPrefix minus len("-")+len(hash6) so you can insert "-<hash6>" before
"-"+resourceBaseName, then trim trailing "-" and return csName + "-" + hash6 +
"-" + resourceBaseName; ensure all name length checks still enforce the 63-char
limit and keep references to the resourceName function and resourceBaseName
symbol for locating the change.

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`:
- Around line 31-33: The test builds an HTTP fetch command with wget flags into
the args slice which currently includes "-S" (in the args variable assembled
with extraArgs and url), and "-S" can inject response headers into stderr that
pollutes captured logs and breaks json.Unmarshal assertions; remove the "-S"
flag from the args construction (and the other identical occurrence around lines
176-179) so args becomes []string{"-O", "/dev/stdout", "-q"} (and preserve
appending extraArgs and url), updating any test helper that assembles wget args
accordingly (locate the code that sets args, the extraArgs append sites, and the
uses that parse body to ensure they now receive clean JSON).

---

Nitpick comments:
In `@pkg/lifecycle-controller/controller_test.go`:
- Around line 675-688: Add two tests to controller_test.go using the existing
helpers (newCatalogSource, testClientBuilder, testReconciler) that call
r.Reconcile(ctx, ctrl.Request{...}) like TestReconcile_NoPodRunning: (1) create
a CatalogSource with no imageRef and pre-existing lifecycle resources (Lifecycle
objects/conditions) and assert that after Reconcile those stale lifecycle
resources are removed/cleaned up and Reconcile returns ctrl.Result{} with no
error; (2) create a CatalogSource with multiple running catalog Pods and assert
the controller's deterministic selection behavior by seeding Pods with distinct
creationTimestamps/labels and verifying Reconcile selected the expected pod
(e.g., earliest CreationTimestamp or the selection criterion implemented in
Reconcile) and produced the expected lifecycle update; use the same test helpers
and assert on object presence/absence and specific lifecycle status updates to
lock in behavior.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`:
- Line 2: The Dockerfile uses the ADD instruction to copy a local directory (ADD
configs /configs); replace that with the COPY instruction to avoid unintended
behavior—change the ADD configs /configs line to COPY configs /configs in the
Dockerfile so the local directory is copied plainly (no automatic tar extraction
or URL handling).

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`:
- Line 2: Replace the Dockerfile ADD instruction "ADD configs /configs" with the
equivalent COPY instruction by changing it to "COPY configs /configs" so the
plain directory copy uses COPY instead of ADD; update the Dockerfile line
containing ADD configs /configs accordingly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7a9ff271-0670-4015-a8af-f3a500641768

📥 Commits

Reviewing files that changed from the base of the PR and between 0299300 and 3f14838.

⛔ Files ignored due to path filters (262)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customfeaturegates.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/deprecatedwebhooktokenauthenticator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dns.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnszone.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/equinixmetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalipconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalippolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/extramapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateattributes.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatedetails.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateselection.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/githubidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gitlabidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/googleidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/htpasswdidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsource.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsourcestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityproviderconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/image.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagelabel.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructure.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingress.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/keystoneidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kubevirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapattributemapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/loadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/maxagepolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigration.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigrationvalues.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/network.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnostics.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticssourceplacement.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticstargetplacement.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkmigration.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/node.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixfailuredomain.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismelementendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixresourceidentifier.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauth.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthremoteconnectioninfo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthtemplates.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/objectreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openidclaims.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openididentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operandversion.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhub.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/pkicertificatesubject.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyfulciosubject.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyidentity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchexactrepository.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchremapidentity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/project.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/projectspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/promqlclustercondition.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxystatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrylocation.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/release.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/repositorydigestmirrors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requestheaderidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requiredhstspolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/scheduler.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/secretnamereference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/signaturestore.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/storage.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/templatereference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmappings.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimorexpressionmapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationcelrule.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenrequiredclaim.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/updatehistory.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameprefix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultauthentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultconfigmapreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultsecretreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainhostgroup.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainregionaffinity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainzoneaffinity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformfailuredomainspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworking.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworkingspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformvcenterspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/webhooktokenauthenticator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagerconfig.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (32)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • scripts/generate_crds_manifests.sh
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json
✅ Files skipped from review due to trivial changes (12)
  • operator-lifecycle-manager.Dockerfile
  • cmd/lifecycle-controller/main.go
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • cmd/lifecycle-controller/util.go
  • pkg/lifecycle-controller/tls_test.go
  • microshift-manifests/kustomization.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • pkg/lifecycle-controller/TODO.md
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • go.mod
🚧 Files skipped from review as they are similar to previous changes (7)
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • Makefile
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml

Comment thread manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml Outdated
Comment thread pkg/lifecycle-controller/controller.go
Comment thread staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go Outdated
@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 30, 2026
@perdasilva perdasilva force-pushed the lifecycle-controller branch 6 times, most recently from 2f555a5 to 6ef40ba Compare April 30, 2026 14:29
@openshift-ci openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 30, 2026
@perdasilva
Copy link
Copy Markdown
Contributor Author

perdasilva commented Apr 30, 2026

@coderabbitai resume

coderabbitai[bot]
coderabbitai Bot reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (7)
microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml (1)

62-63: 💤 Low value

Verify GOMEMLIMIT of 5MiB is sufficient for the lifecycle-controller.

The GOMEMLIMIT=5MiB is quite low for a controller-runtime based application. While the memory request is 10Mi, controller-runtime's informer caches can grow depending on the number of watched objects (CatalogSources, Pods, Deployments, etc.). If the cluster has many catalog sources or resources, GC pressure could become significant.

Consider monitoring memory usage in practice or increasing to a more comfortable threshold (e.g., 8MiB or matching the request).

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`
around lines 62 - 63, The GOMEMLIMIT environment variable for the
lifecycle-controller is set to an unusually low "5MiB"; update the container's
env entry (GOMEMLIMIT) in the lifecycle-controller deployment manifest to a
higher, safer value such as "8MiB" or one that matches the memory request (e.g.,
"10MiB") to reduce GC pressure for controller-runtime informer caches and
monitor memory usage after deployment.
pkg/lifecycle-controller/controller_test.go (1)

168-172: 💤 Low value

Test case "distinct long names produce different results" is self-referential.

The expected value calls resourceName(...) with the same input as the test, which makes this test case a tautology—it will always pass regardless of implementation correctness. Consider using a pre-computed expected value instead.

However, the actual collision prevention is validated in TestResourceName_NoCollision (Lines 184-190), which correctly tests two distinct long names produce different outputs. This test case appears to be a placeholder for documenting the pattern rather than a strict assertion.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller_test.go` around lines 168 - 172, The test
case named "distinct long names produce different results" is tautological
because it computes expected by calling resourceName on the same input; change
it to assert against a concrete, precomputed expected string instead of calling
resourceName(input). Locate the test case in controller_test.go and replace
expected:
resourceName("this-is-a-very-long-catalog-source-name-that-exceeds-the-dns-xxxxx")
with the actual expected resource name value (the precomputed hashed/truncated
result your resourceName implementation should produce) so the test fails if
resourceName regresses; keep the test name and input unchanged and only modify
the expected value to a constant string.
pkg/lifecycle-controller/controller.go (1)

726-741: 💤 Low value

TLS profile change handler logs error but returns nil, silently dropping the requeue.

When listing CatalogSources fails in the TLS change handler (Line 730-733), the error is logged but the function returns nil, meaning no reconciliation requests are enqueued. A transient API server error during TLS profile changes could leave lifecycle-server deployments running with stale TLS configurations until the next unrelated reconcile.

Consider returning a sentinel request that triggers a delayed requeue, or relying on the periodic resync if that's acceptable for TLS propagation latency.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 726 - 741, The
TLS-profile change handler currently logs errors from mgr.GetClient().List but
returns nil, dropping reconciliation; modify the TypedEnqueueRequestsFromMapFunc
handler (the closure passed to source.Channel(tlsProfileChan,
handler.TypedEnqueueRequestsFromMapFunc(...))) so that when
mgr.GetClient().List(ctx, &catalogSources) returns an error you return a
sentinel reconcile.Request to force a retry (e.g., a single request that will
requeue the controller instead of an empty slice), and keep r.Log.Error(...) for
visibility; ensure you still return the full list of reconcile.Request for the
successful-list path so CatalogSource objects are enqueued as before.
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile (2)

3-3: ⚡ Quick win

Pin the base image to an immutable digest instead of :latest.

Using :latest makes test behavior drift over time and can cause non-reproducible CI results.

Proposed change 
-FROM quay.io/operator-framework/opm:latest
+FROM quay.io/operator-framework/opm@sha256:<resolved-digest>
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile`
at line 3, The Dockerfile currently uses a floating tag "FROM
quay.io/operator-framework/opm:latest"; change this to a pinned immutable digest
by replacing that FROM line with the same image referenced by its sha256 digest
(e.g., quay.io/operator-framework/opm@sha256:...) so the base image is fixed and
CI/tests are reproducible—update the FROM instruction in the Dockerfile
accordingly and commit the pinned digest.

3-15: ⚡ Quick win

Set an explicit non-root runtime user.

Please set USER explicitly so this image remains compliant with restricted policies even if base-image defaults change.

Proposed change 
 FROM quay.io/operator-framework/opm:latest
@@
 RUN ["/bin/opm", "serve", "/configs", "--cache-dir=/tmp/cache", "--cache-only"]
+USER 65532:65532
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile`
around lines 3 - 15, The image lacks an explicit non-root runtime user: add a
USER instruction with a non-root uid/gid (e.g., 1000 or 65534) after the file
setup steps and before runtime execution, and update the Dockerfile so the
created runtime user can access the copied files by chown-ing /configs and the
cache dir in the RUN stage (ensure permissions for /tmp/cache and /configs);
keep ENTRYPOINT ["/bin/opm"], CMD ["serve"...] and the LABEL unchanged so the
container runs as the non-root user.
staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json (1)

1-3: ⚡ Quick win

Exclude NDJSON catalog fixtures from strict single-JSON linting.

This fixture is newline-delimited JSON records, so strict JSON parsers (like Biome in single-document mode) will keep flagging parse errors. Consider excluding this path from that rule (or treating these fixtures as JSONL) to avoid noisy failures.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json`
around lines 1 - 3, This NDJSON fixture contains newline-delimited JSON records
(schemas "olm.package", "olm.channel", "olm.bundle") and should be excluded from
strict single-JSON linting; update the lint configuration (or Biome rule set) to
either treat these catalog fixtures as JSONL or add a rule/ignore entry that
excludes files matching this catalog pattern (the catalog.json NDJSON fixture
containing entries with "olm.package"/"olm.channel"/"olm.bundle") so the linter
no longer enforces single-document JSON parsing on these fixtures.
pkg/lifecycle-server/fbc.go (1)

117-123: ⚡ Quick win

Return lifecycle versions in deterministic order.

ListVersions() currently depends on map iteration order, which is nondeterministic. Sorting here avoids unstable logs and caller behavior.

♻️ Proposed fix 
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"os"
 	"regexp"
+	"sort"
 	"sync"
@@
 func (index LifecycleIndex) ListVersions() []string {
 	versions := make([]string, 0, len(index))
 	for v := range index {
 		versions = append(versions, v)
 	}
+	sort.Strings(versions)
 	return versions
 }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-server/fbc.go` around lines 117 - 123, ListVersions currently
returns map keys in nondeterministic order; modify LifecycleIndex.ListVersions
to produce a deterministic sorted slice by collecting keys into versions and
calling sort.Strings(versions) before returning. Update the function that builds
versions (ListVersions) and import the sort package if missing so callers
receive a stable, sorted list of lifecycle versions.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`:
- Around line 62-63: The GOMEMLIMIT environment variable for the
lifecycle-controller is set to an unusually low "5MiB"; update the container's
env entry (GOMEMLIMIT) in the lifecycle-controller deployment manifest to a
higher, safer value such as "8MiB" or one that matches the memory request (e.g.,
"10MiB") to reduce GC pressure for controller-runtime informer caches and
monitor memory usage after deployment.

In `@pkg/lifecycle-controller/controller_test.go`:
- Around line 168-172: The test case named "distinct long names produce
different results" is tautological because it computes expected by calling
resourceName on the same input; change it to assert against a concrete,
precomputed expected string instead of calling resourceName(input). Locate the
test case in controller_test.go and replace expected:
resourceName("this-is-a-very-long-catalog-source-name-that-exceeds-the-dns-xxxxx")
with the actual expected resource name value (the precomputed hashed/truncated
result your resourceName implementation should produce) so the test fails if
resourceName regresses; keep the test name and input unchanged and only modify
the expected value to a constant string.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 726-741: The TLS-profile change handler currently logs errors from
mgr.GetClient().List but returns nil, dropping reconciliation; modify the
TypedEnqueueRequestsFromMapFunc handler (the closure passed to
source.Channel(tlsProfileChan, handler.TypedEnqueueRequestsFromMapFunc(...))) so
that when mgr.GetClient().List(ctx, &catalogSources) returns an error you return
a sentinel reconcile.Request to force a retry (e.g., a single request that will
requeue the controller instead of an empty slice), and keep r.Log.Error(...) for
visibility; ensure you still return the full list of reconcile.Request for the
successful-list path so CatalogSource objects are enqueued as before.

In `@pkg/lifecycle-server/fbc.go`:
- Around line 117-123: ListVersions currently returns map keys in
nondeterministic order; modify LifecycleIndex.ListVersions to produce a
deterministic sorted slice by collecting keys into versions and calling
sort.Strings(versions) before returning. Update the function that builds
versions (ListVersions) and import the sort package if missing so callers
receive a stable, sorted list of lifecycle versions.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile`:
- Line 3: The Dockerfile currently uses a floating tag "FROM
quay.io/operator-framework/opm:latest"; change this to a pinned immutable digest
by replacing that FROM line with the same image referenced by its sha256 digest
(e.g., quay.io/operator-framework/opm@sha256:...) so the base image is fixed and
CI/tests are reproducible—update the FROM instruction in the Dockerfile
accordingly and commit the pinned digest.
- Around line 3-15: The image lacks an explicit non-root runtime user: add a
USER instruction with a non-root uid/gid (e.g., 1000 or 65534) after the file
setup steps and before runtime execution, and update the Dockerfile so the
created runtime user can access the copied files by chown-ing /configs and the
cache dir in the RUN stage (ensure permissions for /tmp/cache and /configs);
keep ENTRYPOINT ["/bin/opm"], CMD ["serve"...] and the LABEL unchanged so the
container runs as the non-root user.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json`:
- Around line 1-3: This NDJSON fixture contains newline-delimited JSON records
(schemas "olm.package", "olm.channel", "olm.bundle") and should be excluded from
strict single-JSON linting; update the lint configuration (or Biome rule set) to
either treat these catalog fixtures as JSONL or add a rule/ignore entry that
excludes files matching this catalog pattern (the catalog.json NDJSON fixture
containing entries with "olm.package"/"olm.channel"/"olm.bundle") so the linter
no longer enforces single-document JSON parsing on these fixtures.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 77cec337-9795-4712-9959-918696786f17

📥 Commits

Reviewing files that changed from the base of the PR and between 777565f and af2591a.

⛔ Files ignored due to path filters (224)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customfeaturegates.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/deprecatedwebhooktokenauthenticator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dns.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnszone.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/equinixmetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalipconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalippolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/extramapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateattributes.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatedetails.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateselection.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/githubidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gitlabidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/googleidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/htpasswdidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsource.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsourcestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityproviderconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/image.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagelabel.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructure.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingress.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/keystoneidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kubevirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapattributemapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/loadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/maxagepolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigration.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigrationvalues.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/network.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnostics.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticssourceplacement.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticstargetplacement.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkmigration.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/node.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodespec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodestatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixfailuredomain.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismelementendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixresourceidentifier.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauth.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthremoteconnectioninfo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthtemplates.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/objectreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openidclaims.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openididentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operandversion.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhub.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/pkicertificatesubject.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyfulciosubject.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyidentity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchexactrepository.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchremapidentity.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/project.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/projectspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/promqlclustercondition.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxyspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxystatus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrylocation.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/release.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/repositorydigestmirrors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requestheaderidentityprovider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requiredhstspolicy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/scheduler.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/secretnamereference.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (37)
  • Makefile
  • cmd/lifecycle-controller/main.go
  • cmd/lifecycle-controller/start.go
  • cmd/lifecycle-controller/util.go
  • cmd/lifecycle-server/main.go
  • cmd/lifecycle-server/start.go
  • go.mod
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/kustomization.yaml
  • operator-lifecycle-manager.Dockerfile
  • pkg/lifecycle-controller/TODO.md
  • pkg/lifecycle-controller/controller.go
  • pkg/lifecycle-controller/controller_test.go
  • pkg/lifecycle-controller/tls.go
  • pkg/lifecycle-controller/tls_test.go
  • pkg/lifecycle-server/fbc.go
  • pkg/lifecycle-server/fbc_test.go
  • pkg/lifecycle-server/server.go
  • pkg/lifecycle-server/server_test.go
  • scripts/generate_crds_manifests.sh
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json
✅ Files skipped from review due to trivial changes (10)
  • cmd/lifecycle-server/main.go
  • operator-lifecycle-manager.Dockerfile
  • microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
  • microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
  • microshift-manifests/kustomization.yaml
  • staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
  • pkg/lifecycle-controller/TODO.md
🚧 Files skipped from review as they are similar to previous changes (10)
  • manifests/0000_50_olm_08-lifecycle-controller.service.yaml
  • manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
  • pkg/lifecycle-server/fbc_test.go
  • manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
  • cmd/lifecycle-server/start.go
  • pkg/lifecycle-server/server.go
  • staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
  • Makefile
  • go.mod
  • scripts/generate_crds_manifests.sh

@perdasilva perdasilva force-pushed the lifecycle-controller branch 11 times, most recently from f05c3fc to 4eac709 Compare May 6, 2026 14:30
@perdasilva
Copy link
Copy Markdown
Contributor Author

perdasilva commented May 6, 2026

@coderabbitai resume

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 6, 2026

No description provided.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 6, 2026

✅ Actions performed

Reviews resumed.

@perdasilva
Copy link
Copy Markdown
Contributor Author

perdasilva commented May 6, 2026

/unhold

@openshift-ci openshift-ci Bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 6, 2026
@perdasilva perdasilva force-pushed the lifecycle-controller branch from 4eac709 to 5ec530e Compare May 6, 2026 15:25
@perdasilva
Copy link
Copy Markdown
Contributor Author

perdasilva commented May 7, 2026

/retest

@perdasilva perdasilva force-pushed the lifecycle-controller branch from 5ec530e to 3491ce7 Compare May 7, 2026 07:18
@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 7, 2026
@claude
vendor: update openshift/api and openshift/library-go
c483f74 
Bumps vendored dependencies to compatible versions:
- openshift/api v0.0.0-20260429211050
- openshift/library-go v0.0.0-20260213153706

Removes the controller-runtime-common replace directive by using
the published openshift/controller-runtime-common module directly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@perdasilva perdasilva force-pushed the lifecycle-controller branch from 3491ce7 to ec7e58a Compare May 7, 2026 15:11
@openshift-ci openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 7, 2026
@perdasilva
Copy link
Copy Markdown
Contributor Author

perdasilva commented May 7, 2026

/retest

@perdasilva perdasilva force-pushed the lifecycle-controller branch from ec7e58a to 6a41470 Compare May 8, 2026 14:43
@claude
feat: add lifecycle-controller for managing catalog lifecycle pods
756628f 
Introduces a lifecycle-controller that watches CatalogSources and manages
per-catalog lifecycle-server deployments. For each matching CatalogSource
with a running pod, the controller creates a Deployment, ServiceAccount,
Service, and NetworkPolicy using server-side apply, and maintains a shared
ClusterRoleBinding across all lifecycle-server instances.

Key components:
- cmd/lifecycle-controller: CLI entrypoint with TLS profile watching,
  leader election, metrics serving, and health/readiness probes
- pkg/lifecycle-controller: Reconciler with SSA-based resource management,
  thread-safe TLS config provider, and catalog pod image extraction
- RBAC, Deployment, Service, NetworkPolicy manifests for build/deployment
  (gated behind TechPreviewNoUpgrade)

Also vendors controller-runtime-common for OpenShift TLS profile support.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@perdasilva perdasilva force-pushed the lifecycle-controller branch from 6a41470 to 756628f Compare May 8, 2026 14:45
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 8, 2026

@perdasilva: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-gcp-olm 756628f link true /test e2e-gcp-olm

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@rashmigottipati
Copy link
Copy Markdown
Member

rashmigottipati commented May 8, 2026

/test e2e-gcp-olm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@pedjak pedjak Awaiting requested review from pedjak

@rashmigottipati rashmigottipati Awaiting requested review from rashmigottipati

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@perdasilva @openshift-ci-robot @rashmigottipati