HYPERFLEET-1278 - feat: remove email restriction for audit fields

[rh-amarin]

Summary

Updates to core spec v.1.0.25

This spect itself is versioned as v1.0.26 as its version is independent of the core contract

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• New Features
  • API, OpenAPI, and Swagger versions were updated to 1.0.26.
• Bug Fixes
  • Relaxed validation on several identity-related fields so they now accept plain strings instead of requiring email-formatted values.

Walkthrough

API version is bumped from 1.0.25 to 1.0.26 in main.tsp, openapi.yaml, and swagger.yaml. The hyperfleet dependency in package.json is re-pinned from v1.0.24 to v1.0.25. Across six resource definitions — Channel, Cluster, NodePool, NodePoolCreateResponse, Version, and WifConfig — the created_by, updated_by, and deleted_by fields drop format: email, leaving them as unconstrained string types in both the OpenAPI and Swagger schema templates.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

---

Supply chain flag: package.json re-pins hyperfleet to a GitHub source ref tag (v1.0.25), not a content-addressable SHA. Tags are mutable. This is a CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) risk — a tag force-push silently substitutes the dependency. Pin to an immutable commit SHA.

Schema weakening: Removing format: email from created_by/updated_by/deleted_by removes the only schema-layer input validation on those fields. Any downstream consumer relying on format validation for identity fields (e.g., audit log integrity, access control lookups) now accepts arbitrary strings. If identity fields feed into RBAC or audit pipelines in the Adapter or Sentinel components, this is relevant to CWE-20 (Improper Input Validation). Confirm server-side validation enforces email format independently of the schema constraint before this ships.

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title matches the main change: removing email validation from audit fields.
Description check	✅ Passed	The description is related to the spec version update and its independent versioning.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	No log statements with token/password/credential/secret fields or interpolations were found; CWE-532 not triggered.
No Hardcoded Secrets	✅ Passed	PASS: no hardcoded credentials (CWE-798/CWE-259) or secret blobs in modified lines; only version bumps and schema format relaxations.
No Weak Cryptography	✅ Passed	PASS: Changed files only bump versions and schema constraints; repo search found no MD5/DES/RC4/SHA1-HMAC/ECB, custom crypto, or non-constant-time compares (CWE-327).
No Injection Vectors	✅ Passed	Changed files are metadata/schema-only; no SQL concatenation, exec.Command, template.HTML, or yaml.Unmarshal on untrusted input (CWE-89/78/79/502).
No Privileged Containers	✅ Passed	No deployed manifests/Dockerfiles changed; scans found no privileged=true, hostNetwork, SYS_ADMIN, or root settings (CWE-250).
No Pii Or Sensitive Data In Logs	✅ Passed	Touched files only bump versions and relax schema validation; no slog/logr/zap/fmt.Print* calls or other log output exposing PII (CWE-532).

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

---

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

schemas/template/openapi.yaml (1)

1502-1514: 🗄️ Data Integrity & Integration | 🟠 Major | 🏗️ Heavy lift

Update the linked architecture/codegen contract with this schema relaxation.

These ranges remove the public format: email contract from audit fields, but the linked architecture repo still documents created_by / updated_by as { type: string, format: email }, and hyperfleet/standards/generated-code-policy.md:327 still models CreatedBy as openapi_types.Email. That leaves the published schema, architecture guidance, and codegen policy out of sync for downstream validators and generated clients. As per path instructions, "Validate changes against HyperFleet architecture standards from the linked architecture repository."

Also applies to: 1667-1678, 2030-2041, 2222-2233, 2628-2639, 2813-2824

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@schemas/template/openapi.yaml` around lines 1502 - 1514, The audit field
schema has been relaxed to plain strings, but the architecture and codegen
contract still treat created_by and updated_by as email-typed fields. Update the
linked architecture documentation and
hyperfleet/standards/generated-code-policy.md to match the new schema by
removing the email format/Email type from these audit fields, and ensure any
generated-code references to CreatedBy/UpdatedBy use string-based modeling so
downstream validators and clients stay consistent.

Sources: Path instructions, Linked repositories

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@main.tsp`:
- Line 36: The `@info.version` entry in main.tsp is not being emitted in the exact
string format that the CI version extraction step expects, causing the parse to
fail. Update the version declaration so it matches the CI parser’s required
`version: "..."` shape exactly, using the existing version symbol in main.tsp,
or adjust the workflow parser in the same change if the format must change.

---

Outside diff comments:
In `@schemas/template/openapi.yaml`:
- Around line 1502-1514: The audit field schema has been relaxed to plain
strings, but the architecture and codegen contract still treat created_by and
updated_by as email-typed fields. Update the linked architecture documentation
and hyperfleet/standards/generated-code-policy.md to match the new schema by
removing the email format/Email type from these audit fields, and ensure any
generated-code references to CreatedBy/UpdatedBy use string-based modeling so
downstream validators and clients stay consistent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 88f94e82-2cc4-43e8-9187-4fe53d45df18

📥 Commits

Reviewing files that changed from the base of the PR and between 15e51e6 and 77f635c.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (4)

• main.tsp
• package.json
• schemas/template/openapi.yaml
• schemas/template/swagger.yaml

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

[coderabbitai]

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Keep @info.version in the exact format CI parses.

Line 36 is part of the merge gate: .github/workflows/ci.yml:42-64 extracts version: "..." from main.tsp, and this PR already fails that step with Failed to extract version from main.tsp. Merge stays blocked until this entry is emitted in the exact parseable form or the workflow is updated in the same change.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@main.tsp` at line 36, The `@info.version` entry in main.tsp is not being
emitted in the exact string format that the CI version extraction step expects,
causing the parse to fail. Update the version declaration so it matches the CI
parser’s required `version: "..."` shape exactly, using the existing version
symbol in main.tsp, or adjust the workflow parser in the same change if the
format must change.

Source: Pipeline failures

[kuudori]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kuudori

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [kuudori]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment