feat: add EnableAccountVerifier configuration flag

[mfrancisc]

Description

Add a configuration flag to control whether the registration service should act on responses from the account-verifier service.

Jira: https://redhat.atlassian.net/browse/SANDBOX-1837

Checks

1. Did you run make generate target? yes

2. Did make generate change anything in other projects (host-operator)? yes

3. In case of new CRD, did you the following? N/A

   • make/generate.mk in this repository
   • resources/setup/roles/host.yaml in the sandbox-sre repository
   • PROJECT file: https://github.com/codeready-toolchain/host-operator/blob/master/PROJECT
   • CSV file: https://github.com/codeready-toolchain/host-operator/blob/master/config/manifests/bases/host-operator.clusterserviceversion.yaml

4. In case other projects are changed, please provides PR links.

   • host-operator: feat: add EnableAccountVerifier configuration flag host-operator#1263

Summary by CodeRabbit

• New Features
  • New optional configuration flag to control account verification enforcement during registration. When enabled, verification responses are enforced; when disabled, verification still runs but responses are logged only.

[coderabbitai]

Walkthrough

This PR introduces a new optional EnableAccountVerifier boolean field to the RegistrationServiceConfig type in the CodeReady Toolchain API. The field controls whether the registration service enforces account-verifier responses or logs them non-fatally, with updates to the type definition, API documentation, and generated supporting code.

Changes

EnableAccountVerifier Configuration

Layer / File(s)	Summary
Field definition and documentation api/v1alpha1/toolchainconfig_types.go, api/v1alpha1/docs/apiref.adoc	RegistrationServiceConfig now includes an optional EnableAccountVerifier pointer-to-bool field that controls whether registration service enforces account-verifier responses (when true) or only logs them (when false/unset).
Generated code updates api/v1alpha1/zz_generated.deepcopy.go, api/v1alpha1/zz_generated.openapi.go	DeepCopyInto method and OpenAPI schema for RegistrationServiceConfig are updated to handle deep-copying and schema-documenting the new optional field.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

feature

Suggested reviewers

• MatousJobanek
• alexeykazakov

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding a new EnableAccountVerifier configuration flag to control account-verifier service behavior.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	PR description follows the template with clear goals and completed all applicable checklist items, though the host-operator PR link is incomplete.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@api/v1alpha1/toolchainconfig_types.go`:
- Around line 265-269: The new EnableAccountVerifier (*bool) field on
ToolchainConfig is added to the API but not propagated to host-operator; update
host-operator to read ToolchainConfig.Spec.EnableAccountVerifier (or the
ToolchainConfig status path you use) and propagate it into the
registration-service configuration (e.g., add an env var or ConfigMap key named
enableAccountVerifier consumed by registration-service) by updating the relevant
reconciler (controller) that manages registration-service deployment/template,
ensure the JSON field name enableAccountVerifier is used consistently, add any
necessary RBAC and CR watch for ToolchainConfig in the reconciler, and
add/adjust unit/integration tests to assert the field flows through from
ToolchainConfig -> host-operator -> registration-service.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: c445be49-6af6-4f1e-bbd2-2b6c2e4bb2ef

📥 Commits

Reviewing files that changed from the base of the PR and between cf8d9a0 and a89a9fe.

📒 Files selected for processing (4)

• api/v1alpha1/docs/apiref.adoc
• api/v1alpha1/toolchainconfig_types.go
• api/v1alpha1/zz_generated.deepcopy.go
• api/v1alpha1/zz_generated.openapi.go

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• api/v1alpha1/docs/apiref.adoc
• api/v1alpha1/toolchainconfig_types.go
• api/v1alpha1/zz_generated.openapi.go
• api/v1alpha1/zz_generated.deepcopy.go

🔀 Multi-repo context codeready-toolchain/host-operator, codeready-toolchain/toolchain-common, codeready-toolchain/toolchain-e2e

[::codeready-toolchain/host-operator::controllers/toolchainconfig/configuration.go:116,259,276]

• host-operator consumes the API type toolchainv1alpha1.RegistrationServiceConfig and exposes accessors (RegistrationService(), RegistrationServiceConfig, VerificationConfig). The file contains methods that read registration config (Environment, Replicas, Analytics, Verification, RegistrationServiceURL, etc.).

[::codeready-toolchain/host-operator::search]

• No references to the new field name EnableAccountVerifier / enableAccountVerifier were found in host-operator.

[::codeready-toolchain/toolchain-common::search]

• No occurrences of RegistrationServiceConfig or the new field were found.

[::codeready-toolchain/toolchain-e2e::search]

• No occurrences of RegistrationServiceConfig or the new field were found.

Implication: The API addition (EnableAccountVerifier) is not yet consumed by host-operator or other linked repos; host-operator may require updates if it should act on this flag (e.g., provide accessor, defaulting, or logic changes). No other repos currently reference the new field.

🔇 Additional comments (3)

api/v1alpha1/docs/apiref.adoc (1)

2142-2145: LGTM!

api/v1alpha1/zz_generated.deepcopy.go (1)

1940-1944: LGTM!

api/v1alpha1/zz_generated.openapi.go (1)

2661-2667: LGTM!

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Wire this field through host-operator before relying on it.

EnableAccountVerifier is added to the API, but linked-repo findings show no EnableAccountVerifier/enableAccountVerifier usage in codeready-toolchain/host-operator. Until host-operator consumes and propagates this field to registration-service behavior, this flag is effectively inert and does not meet the PR objective.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@api/v1alpha1/toolchainconfig_types.go` around lines 265 - 269, The new
EnableAccountVerifier (*bool) field on ToolchainConfig is added to the API but
not propagated to host-operator; update host-operator to read
ToolchainConfig.Spec.EnableAccountVerifier (or the ToolchainConfig status path
you use) and propagate it into the registration-service configuration (e.g., add
an env var or ConfigMap key named enableAccountVerifier consumed by
registration-service) by updating the relevant reconciler (controller) that
manages registration-service deployment/template, ensure the JSON field name
enableAccountVerifier is used consistently, add any necessary RBAC and CR watch
for ToolchainConfig in the reconciler, and add/adjust unit/integration tests to
assert the field flows through from ToolchainConfig -> host-operator ->
registration-service.