Skip to content

HYPERFLEET-1202 - refactor: derive E2E HTTP client from api-spec-template#138

Draft
rafabene wants to merge 1 commit into
openshift-hyperfleet:mainfrom
rafabene:HYPERFLEET-1202-refactor-e2e-http-client
Draft

HYPERFLEET-1202 - refactor: derive E2E HTTP client from api-spec-template#138
rafabene wants to merge 1 commit into
openshift-hyperfleet:mainfrom
rafabene:HYPERFLEET-1202-refactor-e2e-http-client

Conversation

@rafabene

@rafabene rafabene commented Jul 1, 2026

Copy link
Copy Markdown
Member

Summary

  • Refactor E2E HTTP client to generate from api-spec-template (partner contract) instead of api-spec (core contract)
  • Both specs downloaded from GitHub releases via curl — no Go module dependency on spec repos (language-agnostic)
  • Template spec → typed client for partner entities (Clusters, NodePools, Channels, Versions, WifConfigs) in pkg/api/openapi/
  • Core spec → internal types only (AdapterStatus, AdapterCondition, ForceDeleteRequest) in pkg/api/core/
  • Channel, Version, WifConfig client methods now use generated typed models instead of generic Resource with map[string]any
  • Cluster/NodePool status and force-delete endpoints use doJSON (internal-only, not in template spec)

Test plan

  • make check passes (generate, fmt-check, vet, lint, test)
  • make build compiles successfully
  • E2E tests pass against a live environment

@openshift-ci openshift-ci Bot requested review from tirthct and vkareh July 1, 2026 15:23
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ciaranroche for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (2)
  • do-not-merge/work-in-progress
  • do-not-merge/hold

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 3922f729-bcf8-4ef6-b743-9a91a334cd18

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This PR adds generated pkg/api/core OpenAPI output, removes the hyperfleet-api-spec dependency, and rewrites OpenAPI generation to download versioned specs. Client code moves several endpoints to typed request/response models and direct HTTP calls for statuses and force-delete. E2E tests switch adapter status handling to core types, replace ResourceConditionStatus* with openapi.True/openapi.False, and update several PATCH flows to typed payloads or label-based updates. No CWE/CVE is identified from the diff.

Estimated code review effort: 4 (Complex) | ~60 minutes

🚥 Pre-merge checks | ✅ 9 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
No Privileged Containers ⚠️ Warning FAIL (CWE-250): both new Dockerfiles end the runtime stage with USER root and never switch back to a non-root user. Move installs to a root-only layer, then set a non-root USER in the final image; avoid privileged settings unless explicitly justified.
✅ Passed checks (9 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the main change: switching the E2E HTTP client to api-spec-template generation.
Description check ✅ Passed The description accurately describes the spec split, typed client generation, and doJSON usage for core-only endpoints.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output ✅ Passed No non-test log statement logs token/password/credential/secret fields or interpolated strings; only docs/Dockerfile hits. CWE-532/CWE-200 not triggered.
No Hardcoded Secrets ✅ Passed No hardcoded secrets or embedded creds found; only placeholders (CHANGE_ME/REDACTED) and release URLs, so no CWE-798/321 issue.
No Weak Cryptography ✅ Passed PASS: No hits for crypto/md5, crypto/des, crypto/rc4, SHA1 security use, ECB, or secret compares; no custom cipher code found. CWE-327/328/208 absent.
No Injection Vectors ✅ Passed PASS: touched non-test files have no exec.Command/template.HTML/yaml.Unmarshal; payload loader uses json.Unmarshal, and fmt.Sprintf is only for HTTP paths, not SQL queries.
No Pii Or Sensitive Data In Logs ✅ Passed No CWE-532 issues found: new logs only emit IDs, names, reason strings, or payload paths; no raw request/response bodies, tokens, emails, or host creds are logged.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
✨ Simplify code
  • Create PR with simplified code

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
e2e/channel/crud_lifecycle.go (1)

75-90: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Assert EnabledRegex too. The GET after PATCH only checks IsDefault; add an assertion for EnabledRegex so a regression in the patched regex can’t slip through.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@e2e/channel/crud_lifecycle.go` around lines 75 - 90, The PATCH/GET lifecycle
check in the channel CRUD test only verifies IsDefault, so a regression in
EnabledRegex could be missed. Update the verification after h.Client.GetChannel
in the crud_lifecycle.go test to also assert fetched.Spec.EnabledRegex matches
the patched enabledRegex value, alongside the existing IsDefault check, so both
fields set by PatchChannel are validated.
🧹 Nitpick comments (4)
pkg/client/channel.go (1)

22-24: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wrap propagated channel errors.

These bare returns drop operation-specific context. Keep the generated HTTP status handling, but wrap the error before returning.

Wrap response and payload errors
 	channel, err := handleHTTPResponse[openapi.Channel](resp, http.StatusCreated, "create channel")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("create channel response: %w", err)
 	}
@@
 	channel, err := handleHTTPResponse[openapi.Channel](resp, http.StatusAccepted, "delete channel")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("delete channel %q response: %w", channelID, err)
 	}
@@
 	channel, err := handleHTTPResponse[openapi.Channel](resp, http.StatusOK, "patch channel")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("patch channel %q response: %w", channelID, err)
 	}
@@
 	if err != nil {
 		logger.Error("failed to load payload", "payload_path", payloadPath, "error", err)
-		return nil, err
+		return nil, fmt.Errorf("load channel payload %q: %w", payloadPath, err)
 	}

As per path instructions, “Wrap errors per Error Model Standard — no bare return err.”

Also applies to: 59-61, 76-78, 88-91

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/client/channel.go` around lines 22 - 24, The create channel flow in
channel.go is returning a bare error from handleHTTPResponse without operation
context. Update the affected return paths in the channel-related functions
(including the create/retrieve/update/delete helpers) so they wrap the
propagated error with the operation name before returning, while keeping the
existing HTTP status checks and generated response handling intact.

Source: Path instructions

pkg/client/wifconfig.go (1)

22-24: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wrap propagated WifConfig errors.

The direct returns drop request context from HTTP decode/status failures and payload loading failures.

Wrap response and payload errors
 	wifConfig, err := handleHTTPResponse[openapi.WifConfig](resp, http.StatusCreated, "create wifconfig")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("create wifconfig %q response: %w", req.Name, err)
 	}
@@
 	wifConfig, err := handleHTTPResponse[openapi.WifConfig](resp, http.StatusAccepted, "delete wifconfig")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("delete wifconfig %q response: %w", wifConfigID, err)
 	}
@@
 	wifConfig, err := handleHTTPResponse[openapi.WifConfig](resp, http.StatusOK, "patch wifconfig")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("patch wifconfig %q response: %w", wifConfigID, err)
 	}
@@
 	if err != nil {
 		logger.Error("failed to load payload", "payload_path", payloadPath, "error", err)
-		return nil, err
+		return nil, fmt.Errorf("load wifconfig payload %q: %w", payloadPath, err)
 	}

As per path instructions, “Wrap errors per Error Model Standard — no bare return err.”

Also applies to: 59-61, 76-78, 88-91

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/client/wifconfig.go` around lines 22 - 24, Wrap the propagated WifConfig
failures so they preserve request context instead of returning the raw error. In
the WifConfig client flow, update the direct error returns around
handleHTTPResponse, payload loading, and related call sites in the WifConfig
methods to use the project’s Error Model Standard with contextual wrapping; use
the surrounding method names and request intent (for example the
create/update/read WifConfig paths) to identify each bare return err and replace
them consistently.

Source: Path instructions

pkg/client/version.go (1)

22-24: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wrap propagated version errors.

Bare returns lose the channel/version identifiers that make E2E failures diagnosable.

Wrap response and payload errors
 	version, err := handleHTTPResponse[openapi.Version](resp, http.StatusCreated, "create version")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("create version %q in channel %s response: %w", req.Name, channelID, err)
 	}
@@
 	version, err := handleHTTPResponse[openapi.Version](resp, http.StatusAccepted, "delete version")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("delete version %q in channel %s response: %w", versionID, channelID, err)
 	}
@@
 	version, err := handleHTTPResponse[openapi.Version](resp, http.StatusOK, "patch version")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("patch version %q in channel %s response: %w", versionID, channelID, err)
 	}
@@
 	if err != nil {
 		logger.Error("failed to load payload", "channel_id", channelID, "payload_path", payloadPath, "error", err)
-		return nil, err
+		return nil, fmt.Errorf("load version payload %q for channel %s: %w", payloadPath, channelID, err)
 	}

As per path instructions, “Wrap errors per Error Model Standard — no bare return err.”

Also applies to: 59-61, 76-78, 88-91

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/client/version.go` around lines 22 - 24, The version-related error paths
in version.go are returning raw errors, which drops the channel/version context
needed for diagnosis. Update the response and payload handling in the version
creation flow and the other mentioned version helpers so that errors are wrapped
before returning, using the existing function names like handleHTTPResponse and
the version create/update logic to add channel/version identifiers and operation
context. Keep the same control flow, but replace bare err propagation with
wrapped errors that preserve the underlying cause and relevant version metadata.

Source: Path instructions

e2e/nodepool/concurrent_creation.go (1)

143-143: 🚀 Performance & Scalability | 🔵 Trivial | 💤 Low value

Preallocate adapterMap with known capacity.

len(statuses.Items) is known here (same pattern already applied correctly in e2e/cluster/stuck_deletion.go). Same gap repeats in e2e/nodepool/creation.go:59.

As per path instructions, "preallocate slices/maps when size is known."

Proposed fix
-						adapterMap := make(map[string]core.AdapterStatus)
+						adapterMap := make(map[string]core.AdapterStatus, len(statuses.Items))
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@e2e/nodepool/concurrent_creation.go` at line 143, The adapterMap
initialization in the nodepool concurrent creation flow should be preallocated
because the number of status items is already known. Update the map creation in
the logic that builds adapterMap from statuses.Items to use the existing item
count as capacity, following the same pattern used in the stuck deletion path
and the creation flow. This change should be applied wherever adapterMap is
constructed in this routine so the map starts with the expected size instead of
growing dynamically.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Makefile`:
- Around line 46-63: The Makefile’s generate target currently downloads mutable
OpenAPI artifacts using API_SPEC_VERSION and API_SPEC_TEMPLATE_VERSION defaults
of latest, with no integrity verification. Update the generate flow to use
immutable release versions instead of latest, add SHA-256 checksum validation
for the downloaded files, and make the curl calls fail on HTTP errors so the
generate step cannot proceed with unexpected or tampered specs; apply this in
the generate target where the openapi/openapi.yaml and openapi/core-openapi.yaml
downloads are performed.

---

Outside diff comments:
In `@e2e/channel/crud_lifecycle.go`:
- Around line 75-90: The PATCH/GET lifecycle check in the channel CRUD test only
verifies IsDefault, so a regression in EnabledRegex could be missed. Update the
verification after h.Client.GetChannel in the crud_lifecycle.go test to also
assert fetched.Spec.EnabledRegex matches the patched enabledRegex value,
alongside the existing IsDefault check, so both fields set by PatchChannel are
validated.

---

Nitpick comments:
In `@e2e/nodepool/concurrent_creation.go`:
- Line 143: The adapterMap initialization in the nodepool concurrent creation
flow should be preallocated because the number of status items is already known.
Update the map creation in the logic that builds adapterMap from statuses.Items
to use the existing item count as capacity, following the same pattern used in
the stuck deletion path and the creation flow. This change should be applied
wherever adapterMap is constructed in this routine so the map starts with the
expected size instead of growing dynamically.

In `@pkg/client/channel.go`:
- Around line 22-24: The create channel flow in channel.go is returning a bare
error from handleHTTPResponse without operation context. Update the affected
return paths in the channel-related functions (including the
create/retrieve/update/delete helpers) so they wrap the propagated error with
the operation name before returning, while keeping the existing HTTP status
checks and generated response handling intact.

In `@pkg/client/version.go`:
- Around line 22-24: The version-related error paths in version.go are returning
raw errors, which drops the channel/version context needed for diagnosis. Update
the response and payload handling in the version creation flow and the other
mentioned version helpers so that errors are wrapped before returning, using the
existing function names like handleHTTPResponse and the version create/update
logic to add channel/version identifiers and operation context. Keep the same
control flow, but replace bare err propagation with wrapped errors that preserve
the underlying cause and relevant version metadata.

In `@pkg/client/wifconfig.go`:
- Around line 22-24: Wrap the propagated WifConfig failures so they preserve
request context instead of returning the raw error. In the WifConfig client
flow, update the direct error returns around handleHTTPResponse, payload
loading, and related call sites in the WifConfig methods to use the project’s
Error Model Standard with contextual wrapping; use the surrounding method names
and request intent (for example the create/update/read WifConfig paths) to
identify each bare return err and replace them consistently.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: b79c90ef-161e-472a-80ff-32db1e885b35

📥 Commits

Reviewing files that changed from the base of the PR and between 6aa8341 and 1b11559.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum, !**/go.sum
📒 Files selected for processing (45)
  • .gitignore
  • Makefile
  • e2e/adapter/adapter_failover.go
  • e2e/adapter/adapter_with_maestro.go
  • e2e/adapter/maestro_unavailability.go
  • e2e/channel/crud_lifecycle.go
  • e2e/cluster/adapter_failure.go
  • e2e/cluster/concurrent_creation.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/creation.go
  • e2e/cluster/delete.go
  • e2e/cluster/delete_edge_cases.go
  • e2e/cluster/delete_external.go
  • e2e/cluster/force_delete.go
  • e2e/cluster/lifecycle_smoke.go
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/perf_update_latency.go
  • e2e/cluster/stuck_deletion.go
  • e2e/cluster/update.go
  • e2e/cluster/update_edge_cases.go
  • e2e/nodepool/concurrent_creation.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/nodepool/lifecycle_smoke.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/update.go
  • e2e/nodepool/update_edge_cases.go
  • e2e/version/crud_lifecycle.go
  • e2e/wifconfig/crud_lifecycle.go
  • go.mod
  • hack/tools.go
  • openapi/oapi-codegen-core.yaml
  • pkg/client/channel.go
  • pkg/client/cluster.go
  • pkg/client/nodepool.go
  • pkg/client/version.go
  • pkg/client/wifconfig.go
  • pkg/helper/matchers.go
  • pkg/helper/pollers.go
  • pkg/helper/validation.go
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)
💤 Files with no reviewable changes (2)
  • hack/tools.go
  • go.mod

Comment thread Makefile
@rafabene rafabene force-pushed the HYPERFLEET-1202-refactor-e2e-http-client branch from 1b11559 to 815f79e Compare July 1, 2026 20:18

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
Makefile (1)

46-63: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Checksum verification still missing (CWE-494).

Version pinning + -f on curl (Lines 47-48, 56-60) fixes the latest-tag drift from the prior review, but the downloaded spec YAMLs still have zero integrity verification. A compromised or re-tagged GitHub release for hyperfleet-api-spec-template/hyperfleet-api-spec at these pinned tags would silently alter generated client code (CWE-494: Download of Code Without Integrity Check). "Immutable tags" is not a substitute for checksum pinning — GitHub release assets under a given tag can still be replaced by repo maintainers/compromised tokens.

As per path instructions, **/Makefile requires: "No curl-pipe-bash for tool installation (use checksummed downloads)".

🔒 Add checksum pinning
 API_SPEC_VERSION ?= v1.0.25
 API_SPEC_TEMPLATE_VERSION ?= v1.0.26
+API_SPEC_SHA256 ?= <pin-me>
+API_SPEC_TEMPLATE_SHA256 ?= <pin-me>

 .PHONY: generate
 generate: $(OAPI_CODEGEN) ## Generate API client code from OpenAPI schema
 	rm -f pkg/api/openapi/openapi.gen.go pkg/api/core/core.gen.go
 	mkdir -p pkg/api/openapi pkg/api/core openapi
 	`@rm` -f openapi/openapi.yaml openapi/core-openapi.yaml
 	`@echo` "Downloading template spec ($(API_SPEC_TEMPLATE_VERSION))..."
 	`@curl` -sfL -o openapi/openapi.yaml \
 		"https://github.com/openshift-hyperfleet/hyperfleet-api-spec-template/releases/download/$(API_SPEC_TEMPLATE_VERSION)/template-openapi.yaml"
+	`@echo` "$(API_SPEC_TEMPLATE_SHA256)  openapi/openapi.yaml" | sha256sum -c -
 	`@echo` "Downloading core spec ($(API_SPEC_VERSION))..."
 	`@curl` -sfL -o openapi/core-openapi.yaml \
 		"https://github.com/openshift-hyperfleet/hyperfleet-api-spec/releases/download/$(API_SPEC_VERSION)/core-openapi.yaml"
+	`@echo` "$(API_SPEC_SHA256)  openapi/core-openapi.yaml" | sha256sum -c -
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Makefile` around lines 46 - 63, The generate target in Makefile still
downloads OpenAPI spec assets without integrity checks, so add checksum
verification for the files fetched by the curl commands in generate. Update the
workflow around API_SPEC_VERSION, API_SPEC_TEMPLATE_VERSION, and the downloads
for openapi/openapi.yaml and openapi/core-openapi.yaml to validate each asset
against a pinned checksum before running OAPI_CODEGEN. Keep the fix localized to
the generate rule and make it fail fast if the downloaded content does not match
the expected digest.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@Makefile`:
- Around line 46-63: The generate target in Makefile still downloads OpenAPI
spec assets without integrity checks, so add checksum verification for the files
fetched by the curl commands in generate. Update the workflow around
API_SPEC_VERSION, API_SPEC_TEMPLATE_VERSION, and the downloads for
openapi/openapi.yaml and openapi/core-openapi.yaml to validate each asset
against a pinned checksum before running OAPI_CODEGEN. Keep the fix localized to
the generate rule and make it fail fast if the downloaded content does not match
the expected digest.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e912c016-4160-4cff-93f2-aa51266352bc

📥 Commits

Reviewing files that changed from the base of the PR and between 1b11559 and 815f79e.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum, !**/go.sum
📒 Files selected for processing (45)
  • .gitignore
  • Makefile
  • e2e/adapter/adapter_failover.go
  • e2e/adapter/adapter_with_maestro.go
  • e2e/adapter/maestro_unavailability.go
  • e2e/channel/crud_lifecycle.go
  • e2e/cluster/adapter_failure.go
  • e2e/cluster/concurrent_creation.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/creation.go
  • e2e/cluster/delete.go
  • e2e/cluster/delete_edge_cases.go
  • e2e/cluster/delete_external.go
  • e2e/cluster/force_delete.go
  • e2e/cluster/lifecycle_smoke.go
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/perf_update_latency.go
  • e2e/cluster/stuck_deletion.go
  • e2e/cluster/update.go
  • e2e/cluster/update_edge_cases.go
  • e2e/nodepool/concurrent_creation.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/nodepool/lifecycle_smoke.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/update.go
  • e2e/nodepool/update_edge_cases.go
  • e2e/version/crud_lifecycle.go
  • e2e/wifconfig/crud_lifecycle.go
  • go.mod
  • hack/tools.go
  • openapi/oapi-codegen-core.yaml
  • pkg/client/channel.go
  • pkg/client/cluster.go
  • pkg/client/nodepool.go
  • pkg/client/version.go
  • pkg/client/wifconfig.go
  • pkg/helper/matchers.go
  • pkg/helper/pollers.go
  • pkg/helper/validation.go
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)
💤 Files with no reviewable changes (2)
  • hack/tools.go
  • go.mod
✅ Files skipped from review due to trivial changes (6)
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/cluster/force_delete.go
  • openapi/oapi-codegen-core.yaml
  • e2e/nodepool/update_edge_cases.go
  • .gitignore
🚧 Files skipped from review as they are similar to previous changes (36)
  • e2e/cluster/lifecycle_smoke.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/cluster/update.go
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/delete_edge_cases.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/delete.go
  • e2e/cluster/perf_update_latency.go
  • e2e/cluster/delete_external.go
  • e2e/cluster/update_edge_cases.go
  • e2e/channel/crud_lifecycle.go
  • e2e/version/crud_lifecycle.go
  • pkg/helper/validation.go
  • e2e/nodepool/concurrent_creation.go
  • e2e/cluster/concurrent_creation.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete.go
  • e2e/cluster/adapter_failure.go
  • e2e/nodepool/update.go
  • pkg/helper/pollers.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/stuck_deletion.go
  • e2e/wifconfig/crud_lifecycle.go
  • e2e/adapter/adapter_failover.go
  • pkg/client/nodepool.go
  • e2e/adapter/maestro_unavailability.go
  • pkg/client/version.go
  • e2e/adapter/adapter_with_maestro.go
  • e2e/cluster/creation.go
  • pkg/client/wifconfig.go
  • pkg/helper/matchers.go
  • pkg/client/cluster.go
  • e2e/nodepool/lifecycle_smoke.go
  • pkg/client/channel.go

@rafabene rafabene force-pushed the HYPERFLEET-1202-refactor-e2e-http-client branch from 815f79e to e27beda Compare July 1, 2026 21:54

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
Makefile (1)

46-63: 🔒 Security & Privacy | 🔵 Trivial

Enable GitHub Immutable Releases on the spec repos. It locks release assets and tags after publish, closing the remaining CWE-494/CWE-829 supply-chain window without adding checksum handling here.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Makefile` around lines 46 - 63, Update the OpenAPI spec download flow in the
generate target to rely on GitHub Immutable Releases for both spec repositories,
since the current curl-based pulls from the versioned release assets still
depend on mutable release contents. Keep the existing generate workflow and
symbols like API_SPEC_VERSION, API_SPEC_TEMPLATE_VERSION, and generate, but
adjust the source/versioning approach so the downloaded assets are from
immutable releases after publish.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Makefile`:
- Around line 46-63: Update the OpenAPI spec download flow in the generate
target to rely on GitHub Immutable Releases for both spec repositories, since
the current curl-based pulls from the versioned release assets still depend on
mutable release contents. Keep the existing generate workflow and symbols like
API_SPEC_VERSION, API_SPEC_TEMPLATE_VERSION, and generate, but adjust the
source/versioning approach so the downloaded assets are from immutable releases
after publish.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 1ace306c-74d3-4b24-95b4-8d41d9ad44ee

📥 Commits

Reviewing files that changed from the base of the PR and between 815f79e and e27beda.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum, !**/go.sum
📒 Files selected for processing (46)
  • .gitignore
  • Makefile
  • e2e/adapter/adapter_failover.go
  • e2e/adapter/adapter_with_maestro.go
  • e2e/adapter/maestro_unavailability.go
  • e2e/channel/crud_lifecycle.go
  • e2e/cluster/adapter_failure.go
  • e2e/cluster/concurrent_creation.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/creation.go
  • e2e/cluster/delete.go
  • e2e/cluster/delete_edge_cases.go
  • e2e/cluster/delete_external.go
  • e2e/cluster/force_delete.go
  • e2e/cluster/lifecycle_smoke.go
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/perf_update_latency.go
  • e2e/cluster/stuck_deletion.go
  • e2e/cluster/update.go
  • e2e/cluster/update_edge_cases.go
  • e2e/nodepool/concurrent_creation.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/nodepool/lifecycle_smoke.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/update.go
  • e2e/nodepool/update_edge_cases.go
  • e2e/version/crud_lifecycle.go
  • e2e/wifconfig/crud_lifecycle.go
  • go.mod
  • hack/tools.go
  • openapi/oapi-codegen-core.yaml
  • pkg/client/channel.go
  • pkg/client/cluster.go
  • pkg/client/nodepool.go
  • pkg/client/version.go
  • pkg/client/wifconfig.go
  • pkg/helper/matchers.go
  • pkg/helper/pollers.go
  • pkg/helper/validation.go
  • testdata/payloads/nodepools/nodepool-patch.json
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)
💤 Files with no reviewable changes (2)
  • go.mod
  • hack/tools.go
✅ Files skipped from review due to trivial changes (4)
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/perf_update_latency.go
  • .gitignore
🚧 Files skipped from review as they are similar to previous changes (38)
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/update_edge_cases.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/update.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/lifecycle_smoke.go
  • e2e/nodepool/delete.go
  • e2e/nodepool/lifecycle_smoke.go
  • e2e/cluster/delete_edge_cases.go
  • pkg/helper/validation.go
  • openapi/oapi-codegen-core.yaml
  • e2e/cluster/delete_external.go
  • e2e/nodepool/update.go
  • e2e/adapter/maestro_unavailability.go
  • pkg/helper/pollers.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/force_delete.go
  • e2e/wifconfig/crud_lifecycle.go
  • e2e/channel/crud_lifecycle.go
  • e2e/cluster/delete.go
  • pkg/client/cluster.go
  • e2e/cluster/concurrent_creation.go
  • pkg/client/nodepool.go
  • e2e/version/crud_lifecycle.go
  • e2e/cluster/update_edge_cases.go
  • e2e/cluster/adapter_failure.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/nodepool/concurrent_creation.go
  • pkg/helper/matchers.go
  • pkg/client/channel.go
  • e2e/adapter/adapter_failover.go
  • e2e/cluster/creation.go
  • e2e/cluster/stuck_deletion.go
  • pkg/client/version.go
  • e2e/adapter/adapter_with_maestro.go
  • pkg/client/wifconfig.go

@rafabene

rafabene commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

/retest

@rafabene

rafabene commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

The only remaining E2E failure (Maestro transport test) is caused by the template spec missing the subnets field in ClusterPlatform. This is fixed in openshift-hyperfleet/hyperfleet-api-spec-template#11 — once that PR is merged and released as v1.0.27, I will update API_SPEC_TEMPLATE_VERSION in the Makefile and the cluster payload to use the new typed fields.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@e2e/adapter/adapter_with_maestro.go`:
- Around line 197-201: The failure message for the ConfigMap assertion is stale
and still refers to .platformType "gcp" even though the surrounding verification
in the adapter_with_maestro test uses .platformType "template". Update the
g.Expect(..., ...) message in the relevant test block so it matches the actual
Go template condition being verified, keeping the context tied to the ConfigMap
and platform_tier assertion.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: bfa80280-7696-4734-8edc-3f97a9d2fe43

📥 Commits

Reviewing files that changed from the base of the PR and between e27beda and 19befbc.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum, !**/go.sum
📒 Files selected for processing (50)
  • .gitignore
  • Makefile
  • e2e/adapter/adapter_failover.go
  • e2e/adapter/adapter_with_maestro.go
  • e2e/adapter/maestro_unavailability.go
  • e2e/channel/crud_lifecycle.go
  • e2e/cluster/adapter_failure.go
  • e2e/cluster/concurrent_creation.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/creation.go
  • e2e/cluster/delete.go
  • e2e/cluster/delete_edge_cases.go
  • e2e/cluster/delete_external.go
  • e2e/cluster/force_delete.go
  • e2e/cluster/lifecycle_smoke.go
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/perf_update_latency.go
  • e2e/cluster/stuck_deletion.go
  • e2e/cluster/update.go
  • e2e/cluster/update_edge_cases.go
  • e2e/nodepool/concurrent_creation.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/nodepool/lifecycle_smoke.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/update.go
  • e2e/nodepool/update_edge_cases.go
  • e2e/version/crud_lifecycle.go
  • e2e/wifconfig/crud_lifecycle.go
  • go.mod
  • hack/tools.go
  • openapi/oapi-codegen-core.yaml
  • pkg/client/channel.go
  • pkg/client/cluster.go
  • pkg/client/nodepool.go
  • pkg/client/version.go
  • pkg/client/wifconfig.go
  • pkg/helper/matchers.go
  • pkg/helper/pollers.go
  • pkg/helper/validation.go
  • testdata/payloads/clusters/cluster-patch.json
  • testdata/payloads/clusters/cluster-request-large.json
  • testdata/payloads/clusters/cluster-request-small.json
  • testdata/payloads/clusters/cluster-request.json
  • testdata/payloads/nodepools/nodepool-patch.json
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)
💤 Files with no reviewable changes (2)
  • go.mod
  • hack/tools.go
✅ Files skipped from review due to trivial changes (4)
  • e2e/cluster/force_delete.go
  • openapi/oapi-codegen-core.yaml
  • e2e/cluster/update.go
  • .gitignore
🚧 Files skipped from review as they are similar to previous changes (38)
  • e2e/nodepool/perf_create_latency.go
  • e2e/cluster/perf_update_latency.go
  • e2e/cluster/lifecycle_smoke.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/nodepool/lifecycle_smoke.go
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/update_edge_cases.go
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/version/crud_lifecycle.go
  • e2e/cluster/perf_create_latency.go
  • e2e/nodepool/update.go
  • e2e/cluster/delete_external.go
  • pkg/helper/pollers.go
  • e2e/nodepool/delete_edge_cases.go
  • testdata/payloads/nodepools/nodepool-patch.json
  • e2e/wifconfig/crud_lifecycle.go
  • pkg/helper/validation.go
  • e2e/cluster/crash_recovery.go
  • e2e/adapter/maestro_unavailability.go
  • e2e/channel/crud_lifecycle.go
  • pkg/client/cluster.go
  • e2e/cluster/creation.go
  • e2e/cluster/adapter_failure.go
  • e2e/cluster/delete_edge_cases.go
  • e2e/cluster/concurrent_creation.go
  • e2e/adapter/adapter_failover.go
  • pkg/helper/matchers.go
  • e2e/cluster/update_edge_cases.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/concurrent_creation.go
  • e2e/cluster/stuck_deletion.go
  • e2e/cluster/delete.go
  • pkg/client/nodepool.go
  • e2e/nodepool/delete.go
  • pkg/client/channel.go
  • pkg/client/version.go
  • pkg/client/wifconfig.go

Comment thread e2e/adapter/adapter_with_maestro.go Outdated
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown

@rafabene: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-deployment-validation 19befbc link true /test e2e-deployment-validation

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

…late

Refactor E2E tests to generate the HTTP client from api-spec-template
(partner contract) instead of api-spec (core contract). Both specs are
downloaded from GitHub releases via curl, keeping spec repos
language-agnostic with no Go module dependency.

- Template spec generates typed client for partner entities (Clusters,
  NodePools, Channels, Versions, WifConfigs) into pkg/api/openapi/
- Core spec generates internal types (AdapterStatus, AdapterCondition,
  ForceDeleteRequest) into pkg/api/core/
- Channel, Version, WifConfig client methods now use generated typed
  models instead of generic Resource with map[string]any
- Cluster/NodePool status and force-delete endpoints use doJSON since
  they are internal-only and not in the template spec
- E2E tests updated to use openapi.* for partner types and core.* for
  internal types
- Spec versions pinned to immutable tags with curl --fail
- Cluster payloads updated to use platform type template
@rafabene rafabene force-pushed the HYPERFLEET-1202-refactor-e2e-http-client branch from 19befbc to 5a6ae74 Compare July 2, 2026 20:32
@rafabene rafabene marked this pull request as draft July 2, 2026 20:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant