OCPBUGS-73945: Allow custom feature gates to be exempted from upgrade blocking

[copejon]

Summary by CodeRabbit

• New Features

  • Added a new feature-gate group specialHandlingSupportExceptionRequired with enabled/disabled lists to manage special-handling exceptions.

• Documentation

  • Updated docs and sample/default configs to include the new feature-gate group and clearer descriptions of upgrade-blocking behavior.

• Chores

  • Standardized customNoUpgrade representation to an enable/disable list structure (affects config schema and packaged defaults).

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@copejon: This pull request references Jira Issue OCPBUGS-73945, which is invalid:

• expected the bug to target either version "4.22." or "openshift-4.22.", but it targets "4.21.z" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: copejon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [copejon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[copejon]

/jira refresh

[copejon]

/jira refresh

[openshift-ci-robot]

@copejon: This pull request references Jira Issue OCPBUGS-73945, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @jogeo

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[copejon]

/test e2e-aws-tests
/test e2e-aws-tests-arm
/test verify

[ggiguash]

@coderabbitai perform full review

[coderabbitai]

@ggiguash: I'll perform a full review of all the changes in this PR.

✅ Actions performed

Full review triggered.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new feature-gate group specialHandlingSupportExceptionRequired, renames CustomNoUpgrade → EnableDisableFeatures, updates OpenAPI/schema and packaging defaults, and refactors feature-gate lock management and tests to validate upgrades against special-handling-exception rules.

Changes

Cohort / File(s)	Summary
OpenAPI & docs cmd/generate-config/config/config-openapi-spec.json, docs/user/howto_config.md	Added specialHandlingSupportExceptionRequired under apiServer.featureGates (enabled/disabled arrays) and included it in required keys; expanded customNoUpgrade description; updated sample/default config docs.
Packaging default config packaging/microshift/config.yaml	Added specialHandlingSupportExceptionRequired block and comments; adjusted customNoUpgrade entries and explanatory comments.
Config types pkg/config/apiserver.go	Introduced exported EnableDisableFeatures{Enabled,Disabled} type; replaced CustomNoUpgrade with EnableDisableFeatures; added SpecialHandlingSupportExceptionRequired EnableDisableFeatures to FeatureGates.
Feature-gate lock logic pkg/admin/prerun/featuregate_lock.go	Refactored to accept *config.FeatureGates (instead of *config.Config), changed lock-file struct to store EnableDisableFeatures, added upgradeChecksPass with set-difference logic to block upgrades when enabled custom gates lack the required special-handling exception, and improved validation/error messages.
Tests pkg/admin/prerun/featuregate_lock_test.go	Updated fixtures and assertions to use EnableDisableFeatures; adjusted function signatures to accept pointers to config.FeatureGates; expanded version-change tests to cover specialHandlingSupportExceptionRequired scenarios and updated lock-file test handling.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Exec as Executable
participant CFG as config.FeatureGates
participant Lock as feature-gate lock file (FS)
participant Validator as upgradeChecksPass
Exec->>CFG: load current feature gates
Exec->>Lock: read existing lock file
Lock-->>Exec: return lockFile (featureSet, customNoUpgrade)
Exec->>Validator: validate differences (CFG, lockFile)
Validator->>CFG: compute enabled/disabled sets
Validator->>Lock: compute gaps vs specialHandlingSupportExceptionRequired
alt blocked upgrade
Validator-->>Exec: return error with remediation steps
else allowed upgrade
Validator-->>Exec: return success

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly describes the main change: allowing custom feature gates to be exempted from upgrade blocking, which is the primary objective of the PR.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pkg/admin/prerun/featuregate_lock_test.go (1)

131-136: ⚠️ Potential issue | 🟡 Minor

Duplicate error check — the same err is checked and reported twice.

Lines 131–133 and 134–136 are identical.

Proposed fix

 			err := configValidationChecksPass(featureGateLockFile{
 				FeatureSet:      tt.fg.FeatureSet,
 				CustomNoUpgrade: tt.fg.CustomNoUpgrade,
 			}, &tt.fg)
 			if err != nil {
 				t.Errorf("featureValidationsPass() error = %v", err)
 			}
-			if err != nil {
-				t.Errorf("featureValidationsPass() error = %v", err)
-			}

pkg/config/apiserver.go (1)

142-157: ⚠️ Potential issue | 🟠 Major

Extend validateFeatureGates to validate SpecialHandlingSupportExceptionRequired.

The new SpecialHandlingSupportExceptionRequired field is not validated (lines 187–229). This allows invalid configurations such as:

• Required feature gates listed in SpecialHandlingSupportExceptionRequired.Disabled
• The same gate in both enabled and disabled lists within SpecialHandlingSupportExceptionRequired
• Gates in SpecialHandlingSupportExceptionRequired that don't exist in CustomNoUpgrade (which has no effect and may confuse users)

Additionally, the GoString() method (lines 176–177) omits SpecialHandlingSupportExceptionRequired from its output, making debugging incomplete.

🤖 Fix all issues with AI agents

In `@pkg/admin/prerun/featuregate_lock_test.go`:
- Around line 455-467: The test case labeled "minor version upgrade with special
handling support exception should succeed" uses getVersion(1, -21, 0) which
yields a major version change instead of a minor bump; update the test to use
getVersion(0, 1, 0) so currentVer represents the intended minor upgrade (e.g.,
4.21.0 -> 4.22.0). Locate the table entry in featuregate_lock_test.go (the
struct with fields name, lockFileVer, currentVer, wantErr, description,
customNoUpgrade, specialHandlingSupportException) and replace the currentVer
value for that case from getVersion(1, -21, 0) to getVersion(0, 1, 0).

🧹 Nitpick comments (1)

pkg/admin/prerun/featuregate_lock.go (1)

131-136: Minor: variable assignment between error-producing call and its error check.

lockedVersion assignment on line 133 sits between the getExecutableVersion() call and the err check. While correct, this is unusual Go style and could be slightly confusing.

Proposed reorder

 func upgradeChecksPass(lockFile featureGateLockFile, fgCfg *config.FeatureGates) error {
 	currentExecutableVersion, err := getExecutableVersion()
-	lockedVersion := lockFile.Version
 	if err != nil {
 		return fmt.Errorf("failed to get current executable version: %w", err)
 	}
+	lockedVersion := lockFile.Version

[ggiguash]

@coderabbitai update PR description

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

@ggiguash: I'll update the PR description with a more comprehensive summary of the changes.

---

🏁 Script executed:

#!/bin/bash

# Update the PR description
gh pr edit 6139 --body "## Overview

This PR implements support for exempting custom feature gates from blocking upgrades in MicroShift. It introduces a new configuration field that allows administrators to specify which custom feature gates should be permitted during version upgrades, addressing scenarios where certain non-default feature gates need to remain enabled across upgrades without blocking the process.

## Changes

### Configuration Schema Updates
- Added new \`specialHandlingSupportExceptionRequired\` field under \`apiServer.featureGates\` with \`enabled\` and \`disabled\` lists
- Renamed \`CustomNoUpgrade\` type to \`EnableDisableFeatures\` for better clarity and reusability
- Updated OpenAPI spec and configuration documentation to reflect new schema

### Upgrade Logic Enhancements
- Refactored \`upgradeChecksPass\` function to validate feature gate changes during version upgrades
- Implemented set-based difference logic to identify custom gates lacking special handling exceptions
- Enhanced feature gate lock file validation to support the new exemption model
- Updated lock file structure to use \`EnableDisableFeatures\` type

### Documentation & Configuration
- Updated \`docs/user/howto_config.md\` with sample configuration for the new field
- Added descriptive comments in \`packaging/microshift/config.yaml\` explaining the new feature gate options
- Enhanced field descriptions in the OpenAPI spec for better clarity

### Testing
- Extended unit tests in \`pkg/admin/prerun/featuregate_lock_test.go\` to cover upgrade scenarios with special handling exceptions
- Added test cases for version change validation with custom feature gates

## Related Issue

Fixes: OCPBUGS-73945

## Testing Performed

- Unit tests for feature gate lock management and upgrade validation
- E2E tests triggered: e2e-aws-tests, e2e-aws-tests-arm, verify"

Length of output: 944

---

@ggiguash: I'm unable to directly update the PR description due to workflow restrictions. However, I've prepared an improved description for you to add manually via the GitHub UI:

---

Overview

This PR implements support for exempting custom feature gates from blocking upgrades in MicroShift. It introduces a new configuration field that allows administrators to specify which custom feature gates should be permitted during version upgrades, addressing scenarios where certain non-default feature gates need to remain enabled across upgrades without blocking the process.

Changes

Configuration Schema Updates

• Added new specialHandlingSupportExceptionRequired field under apiServer.featureGates with enabled and disabled lists
• Renamed CustomNoUpgrade type to EnableDisableFeatures for better clarity and reusability
• Updated OpenAPI spec and configuration documentation to reflect new schema

Upgrade Logic Enhancements

• Refactored upgradeChecksPass function to validate feature gate changes during version upgrades
• Implemented set-based difference logic to identify custom gates lacking special handling exceptions
• Enhanced feature gate lock file validation to support the new exemption model
• Updated lock file structure to use EnableDisableFeatures type

Documentation & Configuration

• Updated docs/user/howto_config.md with sample configuration for the new field
• Added descriptive comments in packaging/microshift/config.yaml explaining the new feature gate options
• Enhanced field descriptions in the OpenAPI spec for better clarity

Testing

• Extended unit tests in pkg/admin/prerun/featuregate_lock_test.go to cover upgrade scenarios with special handling exceptions
• Added test cases for version change validation with custom feature gates

Related Issue

Fixes: OCPBUGS-73945

Testing Performed

• Unit tests for feature gate lock management and upgrade validation
• E2E tests triggered: e2e-aws-tests, e2e-aws-tests-arm, verify

---

You can update the PR description by clicking the "Edit" button next to the PR title on the GitHub web interface and pasting the above content.

[copejon]

/cherry-pick release-4.21

[openshift-cherrypick-robot]

@copejon: once the present PR merges, I will cherry-pick it on top of release-4.21 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-4.21

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci-robot]

@copejon: This pull request references Jira Issue OCPBUGS-73945, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @jogeo

Details

In response to this:

Summary by CodeRabbit

Release Notes

• New Features

• Introduced specialHandlingSupportExceptionRequired feature gate configuration for managing special handling exceptions with enabled/disabled lists

• Documentation

• Enhanced configuration documentation with improved descriptions for feature gate controls and upgrade behavior

• Updated default and sample configurations to reflect new feature gate management capabilities

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pkg/admin/prerun/featuregate_lock_test.go (1)

127-138: ⚠️ Potential issue | 🟡 Minor

Duplicate error check and unused want field.

Lines 131–133 and 134–136 are identical checks. Also, want bool is declared in the test struct (line 82) but never asserted against — so this test doesn't actually verify the expected outcome for each case.

Proposed fix

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			err := configValidationChecksPass(featureGateLockFile{
 				FeatureSet:      tt.fg.FeatureSet,
 				CustomNoUpgrade: tt.fg.CustomNoUpgrade,
 			}, &tt.fg)
-			if err != nil {
-				t.Errorf("featureValidationsPass() error = %v", err)
-			}
-			if err != nil {
-				t.Errorf("featureValidationsPass() error = %v", err)
+			if (err != nil) != !tt.want {
+				t.Errorf("configValidationChecksPass() error = %v, wantConfigured = %v", err, tt.want)
 			}
 		})
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/admin/prerun/featuregate_lock_test.go` around lines 127 - 138, The test
contains a duplicated error check and never asserts the declared expectation:
remove the duplicate if err != nil { t.Errorf(...) } block and replace the
remaining error assertion with an assertion that checks the test case's expected
outcome (tt.want) by comparing whether err is nil to tt.want (e.g., got := err
== nil; if got != tt.want { t.Errorf(... ) }). Update the invocation around
configValidationChecksPass and featureGateLockFile to use this single check so
the test actually verifies the want bool from the test struct.

🤖 Fix all issues with AI agents

Verify each finding against the current code and only fix it if needed.


In `@pkg/admin/prerun/featuregate_lock_test.go`:
- Around line 491-496: The test currently dereferences tt.customNoUpgrade
unconditionally when constructing the featureGateLockFile
(FeatureSet/CustomNoUpgrade/Version), creating a nil-pointer panic risk if a
future case omits customNoUpgrade; change the test to guard the dereference
(e.g., only set CustomNoUpgrade when tt.customNoUpgrade != nil) or populate a
safe default before use, or alternatively change
featureGateLockFile.CustomNoUpgrade to a non-pointer value; update the
constructor in featuregate_lock_test.go (the code that builds lockFile) to check
tt.customNoUpgrade != nil and assign safely to
featureGateLockFile.CustomNoUpgrade to avoid panics.
- Around line 127-138: The test contains a duplicated error check and never
asserts the declared expectation: remove the duplicate if err != nil {
t.Errorf(...) } block and replace the remaining error assertion with an
assertion that checks the test case's expected outcome (tt.want) by comparing
whether err is nil to tt.want (e.g., got := err == nil; if got != tt.want {
t.Errorf(... ) }). Update the invocation around configValidationChecksPass and
featureGateLockFile to use this single check so the test actually verifies the
want bool from the test struct.

🧹 Nitpick comments (1)

🤖 Fix all nitpicks with AI agents

Verify each finding against the current code and only fix it if needed.


In `@pkg/admin/prerun/featuregate_lock_test.go`:
- Around line 491-496: The test currently dereferences tt.customNoUpgrade
unconditionally when constructing the featureGateLockFile
(FeatureSet/CustomNoUpgrade/Version), creating a nil-pointer panic risk if a
future case omits customNoUpgrade; change the test to guard the dereference
(e.g., only set CustomNoUpgrade when tt.customNoUpgrade != nil) or populate a
safe default before use, or alternatively change
featureGateLockFile.CustomNoUpgrade to a non-pointer value; update the
constructor in featuregate_lock_test.go (the code that builds lockFile) to check
tt.customNoUpgrade != nil and assign safely to
featureGateLockFile.CustomNoUpgrade to avoid panics.

pkg/admin/prerun/featuregate_lock_test.go (1)

491-496: Nil-pointer dereference risk if a future test case omits customNoUpgrade.

All current cases set customNoUpgrade, but the field is a pointer that's unconditionally dereferenced at line 494. A guard or switching to a value type would prevent a future panicking test.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/admin/prerun/featuregate_lock_test.go` around lines 491 - 496, The test
currently dereferences tt.customNoUpgrade unconditionally when constructing the
featureGateLockFile (FeatureSet/CustomNoUpgrade/Version), creating a nil-pointer
panic risk if a future case omits customNoUpgrade; change the test to guard the
dereference (e.g., only set CustomNoUpgrade when tt.customNoUpgrade != nil) or
populate a safe default before use, or alternatively change
featureGateLockFile.CustomNoUpgrade to a non-pointer value; update the
constructor in featuregate_lock_test.go (the code that builds lockFile) to check
tt.customNoUpgrade != nil and assign safely to
featureGateLockFile.CustomNoUpgrade to avoid panics.

[coderabbitai]

🧹 Nitpick comments (1)

pkg/admin/prerun/featuregate_lock_test.go (1)

440-465: Special handling exception test cases look good — consider adding a partial-exemption case.

Both new cases test full exemption (all custom gates appear in specialHandlingSupportException). A case where only some custom gates are exempted (e.g., customNoUpgrade: {Enabled: ["FeatureA", "FeatureB"]} with specialHandlingSupportException: {Enabled: ["FeatureA"]}) would exercise the set-difference logic and confirm the upgrade is still blocked.

Similarly, there's no coverage for Disabled feature lists in the exemption path.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/admin/prerun/featuregate_lock_test.go` around lines 440 - 465, Add at
least one test case to featuregate_lock_test.go that covers partial exemptions
and one that covers Disabled lists: create a case where customNoUpgrade has
Enabled: ["FeatureA","FeatureB"] but specialHandlingSupportException has
Enabled: ["FeatureA"] to ensure the set-difference blocks the upgrade, and
another case where customNoUpgrade/ specialHandlingSupportException use the
Disabled slice (e.g., customNoUpgrade.Disabled: ["FeatureC","FeatureD"] with
specialHandlingSupportException.Disabled: ["FeatureC"]) to exercise the
exemption logic for Disabled entries; use the same test struct fields (name,
lockFileVer, currentVer, wantErr, description, customNoUpgrade,
specialHandlingSupportException) and follow the existing pattern for getVersion
to add these scenarios.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@pkg/admin/prerun/featuregate_lock_test.go`:
- Around line 440-465: Add at least one test case to featuregate_lock_test.go
that covers partial exemptions and one that covers Disabled lists: create a case
where customNoUpgrade has Enabled: ["FeatureA","FeatureB"] but
specialHandlingSupportException has Enabled: ["FeatureA"] to ensure the
set-difference blocks the upgrade, and another case where customNoUpgrade/
specialHandlingSupportException use the Disabled slice (e.g.,
customNoUpgrade.Disabled: ["FeatureC","FeatureD"] with
specialHandlingSupportException.Disabled: ["FeatureC"]) to exercise the
exemption logic for Disabled entries; use the same test struct fields (name,
lockFileVer, currentVer, wantErr, description, customNoUpgrade,
specialHandlingSupportException) and follow the existing pattern for getVersion
to add these scenarios.

[openshift-ci]

@copejon: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/ocp-full-conformance-serial-rhel-eus	68e7e71	link	true	/test ocp-full-conformance-serial-rhel-eus
ci/prow/ocp-full-conformance-rhel-eus	68e7e71	link	true	/test ocp-full-conformance-rhel-eus

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[copejon]

/test ocp-full-conformance-rhel-eus
/test ocp-full-conformance-serial-rhel-eus