Skip to content

Revert "SPIRE-526: Remove "OpenShift Container Platform" from valid-subscription annotation in CSV"#134

Merged
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
rausingh-rh:revert-107-fix-valid-subscription-annotation
Jun 9, 2026
Merged

Revert "SPIRE-526: Remove "OpenShift Container Platform" from valid-subscription annotation in CSV"#134
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
rausingh-rh:revert-107-fix-valid-subscription-annotation

Conversation

@rausingh-rh

@rausingh-rh rausingh-rh commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Reverts #107

Summary by CodeRabbit

  • New Features
    • Added support for OpenShift Container Platform, expanding compatibility alongside OpenShift Platform Plus.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 9, 2026
@openshift-ci-robot

openshift-ci-robot commented Jun 9, 2026

Copy link
Copy Markdown

@rausingh-rh: This pull request references SPIRE-526 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Reverts #107

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented Jun 9, 2026

Copy link
Copy Markdown

Walkthrough

The pull request expands OpenShift subscription support by updating the operators.openshift.io/valid-subscription annotation in ClusterServiceVersion manifests. Both the base configuration and bundled manifest are updated to declare support for "OpenShift Container Platform" alongside "OpenShift Platform Plus".

Changes

OpenShift Subscription Support Expansion

Layer / File(s) Summary
Valid subscription annotation update
config/manifests/bases/zero-trust-workload-identity-manager.clusterserviceversion.yaml, bundle/manifests/zero-trust-workload-identity-manager.clusterserviceversion.yaml
The operators.openshift.io/valid-subscription annotation is updated in both the base manifest and bundled manifest to declare support for both "OpenShift Container Platform" and "OpenShift Platform Plus" instead of only "OpenShift Platform Plus".

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Microshift Test Compatibility ⚠️ Warning New e2e tests use config.openshift.io/v1 DNS, operators.coreos.com Subscription, and operators.framework.io OperatorCondition APIs unavailable on MicroShift without protective skip mechanisms. Add [apigroup:...] tags to test names or guard with exutil.IsMicroShiftCluster() checks to skip on MicroShift.
✅ Passed checks (14 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the primary change: reverting a previous commit that removed OpenShift Container Platform from the valid-subscription annotation, which aligns with the changeset that restores both subscription types.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed The PR only modifies ClusterServiceVersion annotation files (no test code changes). The repository uses standard Go testing (455 test functions), not Ginkgo. No Ginkgo test names to validate.
Test Structure And Quality ✅ Passed PR contains only YAML manifest annotation updates; no Ginkgo test code changes present, making test quality check not applicable.
Single Node Openshift (Sno) Test Compatibility ✅ Passed PR contains no new Ginkgo e2e tests; only YAML manifest annotation updates. SNO compatibility check not applicable.
Topology-Aware Scheduling Compatibility ✅ Passed PR only updates ClusterServiceVersion metadata annotation (valid-subscription); no deployment manifests, operator code, controllers, or scheduling constraints are modified.
Ote Binary Stdout Contract ✅ Passed PR modifies only YAML manifest files (ClusterServiceVersion annotations), not Go code. The OTE Binary Stdout Contract check applies to process-level code violations; no code changes are present.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No Ginkgo e2e tests are added in this PR; only YAML manifest files with annotations are modified. Check is not applicable.
No-Weak-Crypto ✅ Passed PR only modifies YAML annotation metadata (OpenShift subscription support declaration). No cryptographic code, weak crypto algorithms, or token comparisons are involved.
Container-Privileges ✅ Passed PR only changes annotation metadata; no container privilege settings (privileged, hostPID/Network/IPC, SYS_ADMIN, allowPrivilegeEscalation, root) were introduced.
No-Sensitive-Data-In-Logs ✅ Passed No logging containing sensitive data found. Changes only update Kubernetes manifest annotations declaring supported OpenShift subscription products, not logging configurations or credentials.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from bharath-b-rh and swghosh June 9, 2026 03:11
@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 9, 2026
@rausingh-rh

Copy link
Copy Markdown
Contributor Author

/cherrypick release-1.1

@openshift-cherrypick-robot

Copy link
Copy Markdown

@rausingh-rh: once the present PR merges, I will cherry-pick it on top of release-1.1 in a new PR and assign it to you.

Details

In response to this:

/cherrypick release-1.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
bundle/manifests/zero-trust-workload-identity-manager.clusterserviceversion.yaml (1)

747-750: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add resource limits to container specification.

The container defines resource requests but is missing resource limits for CPU and memory. As per coding guidelines, resource limits must be defined on every container in Kubernetes manifests to prevent resource exhaustion and ensure predictable scheduling behavior.

🛡️ Proposed fix to add resource limits
 resources:
   requests:
     cpu: 100m
     memory: 256Mi
+  limits:
+    cpu: 500m
+    memory: 512Mi
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@bundle/manifests/zero-trust-workload-identity-manager.clusterserviceversion.yaml`
around lines 747 - 750, Add a resources.limits block to the same container
specification that currently has resources.requests so CPU and memory limits are
enforced; specifically add resources.limits.cpu and resources.limits.memory
(values should be >= the current requests, e.g., cpu: 200m and memory: 512Mi or
whatever your policy requires) alongside the existing resources.requests entries
to satisfy the manifest guideline.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In
`@bundle/manifests/zero-trust-workload-identity-manager.clusterserviceversion.yaml`:
- Around line 747-750: Add a resources.limits block to the same container
specification that currently has resources.requests so CPU and memory limits are
enforced; specifically add resources.limits.cpu and resources.limits.memory
(values should be >= the current requests, e.g., cpu: 200m and memory: 512Mi or
whatever your policy requires) alongside the existing resources.requests entries
to satisfy the manifest guideline.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 63d5418f-21d2-4115-91ff-6a33afefc40d

📥 Commits

Reviewing files that changed from the base of the PR and between c541f82 and 9cd5aac.

📒 Files selected for processing (2)
  • bundle/manifests/zero-trust-workload-identity-manager.clusterserviceversion.yaml
  • config/manifests/bases/zero-trust-workload-identity-manager.clusterserviceversion.yaml

@openshift-ci

openshift-ci Bot commented Jun 9, 2026

Copy link
Copy Markdown

@rausingh-rh: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@nhegde07 nhegde07 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good.
Do we need to run any pre merge testing for the same? @rausingh-rh ?
/lgtm
/hold

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 9, 2026
@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jun 9, 2026
@openshift-ci

openshift-ci Bot commented Jun 9, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nhegde07, rausingh-rh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [nhegde07,rausingh-rh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@PillaiManish

Copy link
Copy Markdown
Member

I think we need to cherry-pick this in release-1.0.0 as well.

CC: @nhegde07, @TrilokGeer

@PillaiManish

Copy link
Copy Markdown
Member

/cherrypick release-1.0.0

If not required we would close it later.

@openshift-cherrypick-robot

Copy link
Copy Markdown

@PillaiManish: once the present PR merges, I will cherry-pick it on top of release-1.0.0 in a new PR and assign it to you.

Details

In response to this:

/cherrypick release-1.0.0

If not required we would close it later.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@sayak-redhat

Copy link
Copy Markdown
Contributor

/verified by qe

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Jun 9, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@sayak-redhat: This PR has been marked as verified by qe.

Details

In response to this:

/verified by qe

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@rausingh-rh

Copy link
Copy Markdown
Contributor Author

/unhold

@openshift-ci openshift-ci Bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 9, 2026
@openshift-merge-bot openshift-merge-bot Bot merged commit 65d742d into openshift:main Jun 9, 2026
7 checks passed
@openshift-cherrypick-robot

Copy link
Copy Markdown

@rausingh-rh: new pull request created: #135

Details

In response to this:

/cherrypick release-1.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot

Copy link
Copy Markdown

@PillaiManish: new pull request created: #136

Details

In response to this:

/cherrypick release-1.0.0

If not required we would close it later.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@rausingh-rh

Copy link
Copy Markdown
Contributor Author

tracking ticket: https://redhat.atlassian.net/browse/SPIRE-569

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants