CNTRLPLANE-3237: Rename KMSConfig Struct to KMSPluginConfig

[ardaguclu]

KMSConfig collides with the upstream KMSConfiguration resource and this creates confusions.

This PR renames KMSConfig Go Struct name to KMSPluginConfig as well as VaultConfig to VaultPluginConfig without changing the json field names.. So this should be a safe change.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@ardaguclu: This pull request references CNTRLPLANE-3237 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

KMSConfig collides with the upstream KMSConfiguration resource and this creates confusions.

This PR renames KMSConfig Go Struct name to KMSProviderConfig as well as VaultConfig to VaultProviderConfig without changing the json field names.. So this should be a safe change.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Hello @ardaguclu! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 75233a45-34ce-43cf-8e69-19e9e8db20bd

📥 Commits

Reviewing files that changed from the base of the PR and between 8e78002 and e0eecb4.

⛔ Files ignored due to path filters (4)

• config/v1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
• config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*
• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**, !**/zz_generated*
• openapi/openapi.json is excluded by !openapi/**

📒 Files selected for processing (2)

• config/v1/types_apiserver.go
• config/v1/types_kmsencryption.go

🚧 Files skipped from review as they are similar to previous changes (1)

• config/v1/types_kmsencryption.go

---

📝 Walkthrough

Walkthrough

The PR renames KMS-related Go types and updates a field type. In config/v1/types_kmsencryption.go, KMSConfig was renamed to KMSPluginConfig and VaultKMSConfig was renamed to VaultKMSPluginConfig (doc comments and union annotations updated accordingly). In config/v1/types_apiserver.go, APIServerEncryption.kms changed from *KMSConfig to a KMSPluginConfig value and its JSON tag was updated to include omitzero while preserving kms and omitempty.

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: renaming KMSConfig struct to KMSPluginConfig, which is the primary objective of the PR.
Description check	✅ Passed	The description clearly explains the reason for the rename (collision with upstream KMSConfiguration) and confirms JSON field names remain unchanged, directly addressing the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	Test titles only use static CRD and test config values. No timestamps, UUIDs, pod names, or other dynamic content in test names. Deterministic test naming.
Test Structure And Quality	✅ Passed	The custom check requires review of Ginkgo test code. This PR modifies type definition files and standard Go unit tests. No Ginkgo test code was modified, making the check not applicable.
Microshift Test Compatibility	✅ Passed	PR does not add new Ginkgo e2e tests. Changes are limited to type/struct renames in config/v1/types_apiserver.go and config/v1/types_kmsencryption.go (purely API type definitions).
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR. The changes are only to type definition files (renaming KMSConfig to KMSPluginConfig). The SNO test compatibility check only applies to new e2e tests.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only renames Go types in API definitions (KMSConfig → KMSPluginConfig). Contains no deployment manifests, pod specs, controllers, or scheduling constraints that could affect OpenShift topologies.
Ote Binary Stdout Contract	✅ Passed	PR contains only Go struct type definitions. No test binaries, executable code, or stdout writes. OTE Binary Stdout Contract check is not applicable to type definition changes.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests. It only modifies type definition files (types_apiserver.go and types_kmsencryption.go). The check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.1)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@config/v1/types_kmsencryption.go`:
- Around line 3-7: The exported types were renamed (e.g., KMSConfig and
VaultKMSConfig) and that breaks Go API compatibility; restore backward
compatibility by adding deprecated type aliases for the old names pointing to
the new types in the same package (for example: type KMSConfig =
KMSProviderConfig and type VaultKMSConfig = <newVaultType>), mark them with a
deprecation comment, and ensure the aliases are placed alongside the new
definitions (referencing KMSProviderConfig and the new Vault type names) so
existing consumers can continue to compile.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 2d600375-5e12-4803-9a68-fa0b57080c5f

📥 Commits

Reviewing files that changed from the base of the PR and between 4023bcf and f3db516.

⛔ Files ignored due to path filters (3)

• config/v1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
• config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*
• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**, !**/zz_generated*

📒 Files selected for processing (2)

• config/v1/types_apiserver.go
• config/v1/types_kmsencryption.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Preserve Go API compatibility for renamed exported types.

Even with stable JSON names, renaming exported types in v1 (KMSConfig, VaultKMSConfig) is a source-breaking change for downstream Go consumers. Please add deprecated type aliases to keep existing integrations compiling.

Proposed backward-compatible alias patch

 type KMSProviderConfig struct {
   ...
 }

+// Deprecated: use KMSProviderConfig.
+type KMSConfig = KMSProviderConfig
+
 ...
 type VaultKMSProviderConfig struct {
   ...
 }
+
+// Deprecated: use VaultKMSProviderConfig.
+type VaultKMSConfig = VaultKMSProviderConfig

Also applies to: 125-126

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config/v1/types_kmsencryption.go` around lines 3 - 7, The exported types were
renamed (e.g., KMSConfig and VaultKMSConfig) and that breaks Go API
compatibility; restore backward compatibility by adding deprecated type aliases
for the old names pointing to the new types in the same package (for example:
type KMSConfig = KMSProviderConfig and type VaultKMSConfig = <newVaultType>),
mark them with a deprecation comment, and ensure the aliases are placed
alongside the new definitions (referencing KMSProviderConfig and the new Vault
type names) so existing consumers can continue to compile.

[coderabbitai]

♻️ Duplicate comments (1)

config/v1/types_kmsencryption.go (1)

3-7: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Preserve Go API compatibility for renamed exported v1 types

Line 7 and Line 126 rename exported symbols (KMSConfig, VaultKMSConfig) without compatibility aliases. This is source-breaking for Go consumers even if JSON keys are unchanged. Please keep deprecated aliases to avoid downstream compile breaks.

Suggested backward-compatible patch

 type KMSProviderConfig struct {
 	...
 }
+
+// Deprecated: use KMSProviderConfig.
+type KMSConfig = KMSProviderConfig

 ...
 type VaultKMSProviderConfig struct {
 	...
 }
+
+// Deprecated: use VaultKMSProviderConfig.
+type VaultKMSConfig = VaultKMSProviderConfig

Also applies to: 23-23, 125-126

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config/v1/types_kmsencryption.go` around lines 3 - 7, The exported type names
were changed (e.g., KMSConfig -> KMSProviderConfig and VaultKMSConfig ->
VaultKMSProviderConfig) and you must add deprecated aliases to preserve Go API
compatibility: declare type aliases with the old names pointing to the new
structs (e.g., type KMSConfig = KMSProviderConfig and type VaultKMSConfig =
VaultKMSProviderConfig) and add a deprecation comment atop each alias; place
these aliases in the same package alongside the new types so existing consumers
still compile.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@config/v1/types_kmsencryption.go`:
- Around line 3-7: The exported type names were changed (e.g., KMSConfig ->
KMSProviderConfig and VaultKMSConfig -> VaultKMSProviderConfig) and you must add
deprecated aliases to preserve Go API compatibility: declare type aliases with
the old names pointing to the new structs (e.g., type KMSConfig =
KMSProviderConfig and type VaultKMSConfig = VaultKMSProviderConfig) and add a
deprecation comment atop each alias; place these aliases in the same package
alongside the new types so existing consumers still compile.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 49d00e60-007f-4588-ad11-950ee7e2f295

📥 Commits

Reviewing files that changed from the base of the PR and between f3db516 and d89a472.

⛔ Files ignored due to path filters (4)

• config/v1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
• config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*
• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**, !**/zz_generated*
• openapi/openapi.json is excluded by !openapi/**

📒 Files selected for processing (2)

• config/v1/types_apiserver.go
• config/v1/types_kmsencryption.go

✅ Files skipped from review due to trivial changes (1)

• config/v1/types_apiserver.go

[JoelSpeed]

/lgtm

[openshift-merge-bot]

Pipeline controller notification

No second-stage tests were triggered for this PR.

This can happen when:

• The changed files don't match any pipeline_run_if_changed patterns
• All files match pipeline_skip_if_only_changed patterns
• No pipeline-controlled jobs are defined for the master branch

Use /test ? to see all available tests.

[ardaguclu]

After this PR, I learned that it is safe to rename the internal structs as long as we don't change the json fields. Thank you for approval.
/verified by CI
(I think, lint failure is not related to this PR)

[openshift-ci-robot]

@ardaguclu: This PR has been marked as verified by CI.

Details

In response to this:

After this PR, I learned that it is safe to rename the internal structs iff we don't change the json fields. Thank you for approval.
/verified by CI
(I think, lint failure is not related to this PR)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ardaguclu]

/hold
I'll give some soak time to merge this

[JoelSpeed]

@ardaguclu This API is still tech preview right? If so, I think it's ok to fix the lint issue

[ardaguclu]

@ardaguclu This API is still tech preview right? If so, I think it's ok to fix the lint issue

Yes, it is in Tech Preview. Our library go changes that rely on emptiness of KMSConfig have merged. Can we keep KMSProviderConfig as referenced type?.

[ardaguclu]

@ardaguclu This API is still tech preview right? If so, I think it's ok to fix the lint issue

Yes, it is in Tech Preview. Our library go changes that rely on emptiness of KMSConfig have merged. Can we keep KMSProviderConfig as referenced type?.

If it is recommended, I can fix it though. cc'ing @flavianmissi, since he will have a followup PR for validations.

[ardaguclu]

@JoelSpeed lint error is fixed. Could you PTAL one more time?. Thank you

[ardaguclu]

/hold cancel

[JoelSpeed]

/lgtm

[ardaguclu]

/hold
until we agree upon whether it should be KMSPluginConfig or KMSProviderConfig

[openshift-merge-bot]

Pipeline controller notification

No second-stage tests were triggered for this PR.

This can happen when:

• The changed files don't match any pipeline_run_if_changed patterns
• All files match pipeline_skip_if_only_changed patterns
• No pipeline-controlled jobs are defined for the master branch

Use /test ? to see all available tests.

[openshift-ci-robot]

@ardaguclu: This pull request references CNTRLPLANE-3237 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

KMSConfig collides with the upstream KMSConfiguration resource and this creates confusions.

This PR renames KMSConfig Go Struct name to KMSPluginConfig as well as VaultConfig to VaultPluginConfig without changing the json field names.. So this should be a safe change.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ardaguclu]

/retitle CNTRLPLANE-3237: Rename KMSConfig Struct to KMSPluginConfig

[ardaguclu]

/hold cancel
we agreed upon using KMSPluginConfig.

[ardaguclu]

/verified by CI

[openshift-ci-robot]

@ardaguclu: This PR has been marked as verified by CI.

Details

In response to this:

/verified by CI

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[everettraven]

/lgtm

[openshift-merge-bot]

Pipeline controller notification

No second-stage tests were triggered for this PR.

This can happen when:

• The changed files don't match any pipeline_run_if_changed patterns
• All files match pipeline_skip_if_only_changed patterns
• No pipeline-controlled jobs are defined for the master branch

Use /test ? to see all available tests.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: everettraven, JoelSpeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [JoelSpeed,everettraven]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@ardaguclu: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.