NO-JIRA: Allow for risks only desired update

[hongkailiu]

This is to address the issue from [1].

We need to allow for n desired update with
accept risks and without image, version and
arch.

[1]. #1318 (comment)

Summary by CodeRabbit

• Bug Fixes

  • Validation now respects the operator's reconcile-accept-risks flag: acceptRisks is allowed when enabled and rejected (Forbidden) when disabled. DesiredUpdate validation is stricter—requires architecture, version, image, or explicit acceptRisks and surfaces required/forbidden errors accordingly.

• Tests

  • Added tests covering acceptRisks allowed/forbidden paths and required DesiredUpdate scenarios.

[openshift-ci-robot]

@hongkailiu: This pull request explicitly references no jira issue.

Details

In response to this:

This is to address the issue from [1].

We need to allow for n desired update with
accept risks and without image, version and
arch.

[1]. #1318 (comment)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

ValidateClusterVersion now accepts a second parameter shouldReconcileAcceptRisks and enforces conditional rules around spec.desiredUpdate.acceptRisks and required fields (architecture, version, image, acceptRisks) depending on that flag. CVO call sites now pass the operator's reconcile-accept-risks value. New unit tests added.

Changes

Cohort / File(s)	Summary
Validation Logic lib/validation/validation.go	Changed signature to ValidateClusterVersion(config *configv1.ClusterVersion, shouldReconcileAcceptRisks bool). Validation now forbids spec.desiredUpdate.acceptRisks when the flag is false; when desiredUpdate is empty it requires at least one of architecture, version, image (or acceptRisks if the flag permits it).
Validation Tests lib/validation/validation_test.go	Added TestValidateClusterVersion table-driven tests covering: allowing acceptRisks when flag true, forbidding it when false, and requiring non-empty desiredUpdate fields in both flag states; compares field.ErrorList results with go-cmp.
Operator Integration & Tests pkg/cvo/cvo.go, pkg/cvo/cvo_test.go	Updated call sites in pkg/cvo/cvo.go to pass optr.shouldReconcileAcceptRisks() into validation. Test updates: enabled default CVO feature gates in a test and minor formatting adjustments in pkg/cvo/cvo_test.go.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Allow for risks only desired update' directly matches the PR's purpose of enabling desired updates that specify only acceptRisks without image/version/arch.
Stable And Deterministic Test Names	✅ Passed	Test files use stable, static test names without dynamic content, fmt.Sprintf, or variable interpolation.
Test Structure And Quality	✅ Passed	Test cases use single responsibility with table-driven pattern, eliminating need for BeforeEach/AfterEach. Assertion messages utilize cmp.Diff() for comprehensive output.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (2)

lib/validation/validation_test.go (2)

55-55: Consider simplifying error list construction.

The append(make(field.ErrorList, 0), ...) pattern is verbose. A simpler approach:

Proposed simplification

-			expect: append(make(field.ErrorList, 0), field.Required(field.NewPath("spec", "desiredUpdate", "acceptRisks"), "acceptRisks must not be specified")),
+			expect: field.ErrorList{field.Required(field.NewPath("spec", "desiredUpdate", "acceptRisks"), "acceptRisks must not be specified")},

Apply similarly to lines 66 and 76.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/validation/validation_test.go` at line 55, The test constructs expected
validation errors using the verbose append(make(field.ErrorList, 0), ...)
pattern; replace those with a literal composite initializer like
field.ErrorList{ field.Required(field.NewPath("spec", "desiredUpdate",
"acceptRisks"), "acceptRisks must not be specified") } to simplify; do the same
replacement for the similar expectations at the other occurrences (the lines
that create field.ErrorList for other cases) so all expected lists use
field.ErrorList{ ... } instead of append(make(...), ...).

---

14-87: Consider adding additional test coverage.

The current tests cover the basic acceptRisks scenarios well. Consider adding tests for:

1. Combined fields: When shouldReconcileAcceptRisks=true and both AcceptRisks AND Image/Version are provided (should this be allowed?).
2. Nil DesiredUpdate: Verify no panic when config.Spec.DesiredUpdate is nil.

Would you like me to generate additional test cases?

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/validation/validation_test.go` around lines 14 - 87, Add two unit tests
inside TestValidateClusterVersion to cover the missing cases: (1) a case where
shouldReconcileAcceptRisks is true and config.Spec.DesiredUpdate includes both
AcceptRisks and other fields (e.g. Image and Version) — call
ValidateClusterVersion and assert the returned field.ErrorList matches the
current validator’s behavior (expect no error if combined fields are allowed by
ValidateClusterVersion); (2) a case where config.Spec.DesiredUpdate is nil —
call ValidateClusterVersion(nil DesiredUpdate) and assert it does not panic and
returns the expected field.ErrorList (empty or the current validator’s expected
error). Reference TestValidateClusterVersion and the ValidateClusterVersion
function when adding these cases.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@lib/validation/validation_test.go`:
- Around line 57-77: Update the two table-driven test cases in
validation_test.go that assert the error message for empty Spec.DesiredUpdate:
keep the first case (where shouldReconcileAcceptRisks is true) expecting
field.Required(..., "must specify architecture, version, image, acceptRisks"),
but change the second case (where shouldReconcileAcceptRisks is false) to expect
field.Required(..., "must specify architecture, version, or image") to match the
updated validation behavior; locate the expectations constructed with
field.Required(field.NewPath("spec", "desiredUpdate"), ...) and adjust the
message string accordingly.

In `@lib/validation/validation.go`:
- Around line 35-36: The validation currently appends a field.Required error
when acceptRisks is present but shouldReconcileAcceptRisks is false; change this
to append a field.Forbidden error instead so the error type correctly indicates
the field must not be specified—update the call in the same block that
references shouldReconcileAcceptRisks and u.AcceptRisks to use
field.Forbidden(field.NewPath("spec","desiredUpdate","acceptRisks"),
"acceptRisks must not be specified").
- Around line 37-40: The switch branch is producing unreachable code and an
incorrect error message; replace the two overlapping cases by first checking if
u.Architecture, u.Version, and u.Image are all empty, then inside that branch
inspect shouldReconcileAcceptRisks: if shouldReconcileAcceptRisks is true
require AcceptRisks too (append
field.Required(field.NewPath("spec","desiredUpdate"), "must specify
architecture, version, image, or acceptRisks") when u.AcceptRisks is empty),
otherwise append the message that does not mention acceptRisks (e.g., "must
specify architecture, version, or image"); remove the unreachable case and keep
references to u.Architecture, u.Version, u.Image, u.AcceptRisks,
shouldReconcileAcceptRisks, errs and field.NewPath("spec","desiredUpdate") to
locate and update the logic.

---

Nitpick comments:
In `@lib/validation/validation_test.go`:
- Line 55: The test constructs expected validation errors using the verbose
append(make(field.ErrorList, 0), ...) pattern; replace those with a literal
composite initializer like field.ErrorList{ field.Required(field.NewPath("spec",
"desiredUpdate", "acceptRisks"), "acceptRisks must not be specified") } to
simplify; do the same replacement for the similar expectations at the other
occurrences (the lines that create field.ErrorList for other cases) so all
expected lists use field.ErrorList{ ... } instead of append(make(...), ...).
- Around line 14-87: Add two unit tests inside TestValidateClusterVersion to
cover the missing cases: (1) a case where shouldReconcileAcceptRisks is true and
config.Spec.DesiredUpdate includes both AcceptRisks and other fields (e.g. Image
and Version) — call ValidateClusterVersion and assert the returned
field.ErrorList matches the current validator’s behavior (expect no error if
combined fields are allowed by ValidateClusterVersion); (2) a case where
config.Spec.DesiredUpdate is nil — call ValidateClusterVersion(nil
DesiredUpdate) and assert it does not panic and returns the expected
field.ErrorList (empty or the current validator’s expected error). Reference
TestValidateClusterVersion and the ValidateClusterVersion function when adding
these cases.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: bdf57353-952c-4da9-8294-604feb973ea6

📥 Commits

Reviewing files that changed from the base of the PR and between 54dc4ef and aebb8e9.

📒 Files selected for processing (4)

• lib/validation/validation.go
• lib/validation/validation_test.go
• pkg/cvo/cvo.go
• pkg/cvo/cvo_test.go

[coderabbitai]

♻️ Duplicate comments (2)

lib/validation/validation.go (2)

35-36: ⚠️ Potential issue | 🟡 Minor

Incorrect error type: use field.Forbidden instead of field.Required.

field.Required semantically indicates a missing required field. For a field that must not be specified, field.Forbidden is the correct choice.

Proposed fix

 		case !shouldReconcileAcceptRisks && len(u.AcceptRisks) > 0:
-			errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate", "acceptRisks"), "acceptRisks must not be specified"))
+			errs = append(errs, field.Forbidden(field.NewPath("spec", "desiredUpdate", "acceptRisks"), "acceptRisks is not supported when the feature is disabled"))

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/validation/validation.go` around lines 35 - 36, Replace the incorrect
usage of field.Required with field.Forbidden for the acceptance-case check: when
shouldReconcileAcceptRisks is false but u.AcceptRisks is non-empty, update the
append call that adds to errs (the one referencing
field.NewPath("spec","desiredUpdate","acceptRisks")) to use field.Forbidden
instead of field.Required so the error correctly represents a
forbidden/undeclared field; the condition and the variables
(shouldReconcileAcceptRisks, u.AcceptRisks, errs) should remain unchanged.

---

37-40: ⚠️ Potential issue | 🟠 Major

Case at lines 39-40 is unreachable dead code; Case 2 message may mislead.

When !shouldReconcileAcceptRisks is true and arch/version/image are all empty:

• If AcceptRisks is empty → Case 2 (line 37) matches first
• If AcceptRisks is non-empty → Case 1 (line 35) matches first

Case 3 can never execute. Additionally, when shouldReconcileAcceptRisks=false and all fields are empty, Case 2 matches with an error message mentioning "acceptRisks" as a valid option, which is misleading since the feature is disabled.

Proposed fix

 		case !shouldReconcileAcceptRisks && len(u.AcceptRisks) > 0:
-			errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate", "acceptRisks"), "acceptRisks must not be specified"))
-		case len(u.Architecture) == 0 && len(u.Version) == 0 && len(u.Image) == 0 && len(u.AcceptRisks) == 0:
-			errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate"), "must specify architecture, version, image, or acceptRisks"))
-		case len(u.Architecture) == 0 && len(u.Version) == 0 && len(u.Image) == 0 && !shouldReconcileAcceptRisks:
-			errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate"), "must specify architecture, version, or image"))
+			errs = append(errs, field.Forbidden(field.NewPath("spec", "desiredUpdate", "acceptRisks"), "acceptRisks is not supported when the feature is disabled"))
+		case len(u.Architecture) == 0 && len(u.Version) == 0 && len(u.Image) == 0:
+			if len(u.AcceptRisks) == 0 {
+				if shouldReconcileAcceptRisks {
+					errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate"), "must specify architecture, version, image, or acceptRisks"))
+				} else {
+					errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate"), "must specify architecture, version, or image"))
+				}
+			}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/validation/validation.go` around lines 37 - 40, The two case branches
checking u.Architecture/u.Version/u.Image emptiness and acceptRisks are
redundant and make one branch unreachable; consolidate into a single conditional
that checks if len(u.Architecture)==0 && len(u.Version)==0 && len(u.Image)==0
and then branch on shouldReconcileAcceptRisks: if true append
field.Required(field.NewPath("spec","desiredUpdate"), "must specify
architecture, version, image, or acceptRisks"), otherwise append
field.Required(field.NewPath("spec","desiredUpdate"), "must specify
architecture, version, or image"); remove the unreachable case and ensure you
still reference u.AcceptRisks only for messaging, keeping errs and
field.Required/field.NewPath calls as before.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@lib/validation/validation.go`:
- Around line 35-36: Replace the incorrect usage of field.Required with
field.Forbidden for the acceptance-case check: when shouldReconcileAcceptRisks
is false but u.AcceptRisks is non-empty, update the append call that adds to
errs (the one referencing field.NewPath("spec","desiredUpdate","acceptRisks"))
to use field.Forbidden instead of field.Required so the error correctly
represents a forbidden/undeclared field; the condition and the variables
(shouldReconcileAcceptRisks, u.AcceptRisks, errs) should remain unchanged.
- Around line 37-40: The two case branches checking
u.Architecture/u.Version/u.Image emptiness and acceptRisks are redundant and
make one branch unreachable; consolidate into a single conditional that checks
if len(u.Architecture)==0 && len(u.Version)==0 && len(u.Image)==0 and then
branch on shouldReconcileAcceptRisks: if true append
field.Required(field.NewPath("spec","desiredUpdate"), "must specify
architecture, version, image, or acceptRisks"), otherwise append
field.Required(field.NewPath("spec","desiredUpdate"), "must specify
architecture, version, or image"); remove the unreachable case and ensure you
still reference u.AcceptRisks only for messaging, keeping errs and
field.Required/field.NewPath calls as before.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a738f1c2-bbd8-41f3-929b-c5c31e70767b

📥 Commits

Reviewing files that changed from the base of the PR and between aebb8e9 and ce1a27d.

📒 Files selected for processing (1)

• lib/validation/validation.go

[coderabbitai]

♻️ Duplicate comments (1)

lib/validation/validation.go (1)

37-38: ⚠️ Potential issue | 🟡 Minor

Feature-disabled validation message still advertises acceptRisks as valid.

When shouldReconcileAcceptRisks is false and spec.desiredUpdate is empty, this message still says acceptRisks is an allowed option, which conflicts with Line 35-36 behavior.

Proposed fix

-		case len(u.Architecture) == 0 && len(u.Version) == 0 && len(u.Image) == 0 && len(u.AcceptRisks) == 0:
-			errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate"), "must specify architecture, version, image, or acceptRisks"))
+		case len(u.Architecture) == 0 && len(u.Version) == 0 && len(u.Image) == 0 && len(u.AcceptRisks) == 0:
+			if shouldReconcileAcceptRisks {
+				errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate"), "must specify architecture, version, image, or acceptRisks"))
+			} else {
+				errs = append(errs, field.Required(field.NewPath("spec", "desiredUpdate"), "must specify architecture, version, or image"))
+			}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/validation/validation.go` around lines 37 - 38, The required-field error
message for the spec.desiredUpdate check still mentions "acceptRisks" even when
the feature gate shouldReconcileAcceptRisks is false; update the logic around
the case that builds errs (the branch with len(u.Architecture) == 0 &&
len(u.Version) == 0 && len(u.Image) == 0 && len(u.AcceptRisks) == 0) to choose
the error text based on shouldReconcileAcceptRisks (or split into two cases):
when shouldReconcileAcceptRisks is true keep "must specify architecture,
version, image, or acceptRisks", otherwise use "must specify architecture,
version, or image" and append the result via the field.Required call for
field.NewPath("spec","desiredUpdate").

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@lib/validation/validation.go`:
- Around line 37-38: The required-field error message for the spec.desiredUpdate
check still mentions "acceptRisks" even when the feature gate
shouldReconcileAcceptRisks is false; update the logic around the case that
builds errs (the branch with len(u.Architecture) == 0 && len(u.Version) == 0 &&
len(u.Image) == 0 && len(u.AcceptRisks) == 0) to choose the error text based on
shouldReconcileAcceptRisks (or split into two cases): when
shouldReconcileAcceptRisks is true keep "must specify architecture, version,
image, or acceptRisks", otherwise use "must specify architecture, version, or
image" and append the result via the field.Required call for
field.NewPath("spec","desiredUpdate").

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 226d134f-5c56-4180-9205-288567a18a78

📥 Commits

Reviewing files that changed from the base of the PR and between ce1a27d and 2a66574.

📒 Files selected for processing (4)

• lib/validation/validation.go
• lib/validation/validation_test.go
• pkg/cvo/cvo.go
• pkg/cvo/cvo_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• lib/validation/validation_test.go

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@lib/validation/validation.go`:
- Around line 37-38: The error string in the validation branch that checks
len(u.Architecture)==0 && len(u.Version)==0 && len(u.Image)==0 &&
!shouldReconcileAcceptRisks is wrong: update the message passed to
field.Required (the call that appends to errs using
field.NewPath("spec","desiredUpdate")) to remove any reference to "acceptRisks"
and include "image" so it correctly reads that the user must specify
architecture, version, or image when shouldReconcileAcceptRisks is false.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8679795f-8eb3-4236-b8d5-a4de5a34f468

📥 Commits

Reviewing files that changed from the base of the PR and between 2a66574 and f35e2cf.

📒 Files selected for processing (4)

• lib/validation/validation.go
• lib/validation/validation_test.go
• pkg/cvo/cvo.go
• pkg/cvo/cvo_test.go

🚧 Files skipped from review as they are similar to previous changes (2)

• lib/validation/validation_test.go
• pkg/cvo/cvo.go

[wking]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hongkailiu, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [hongkailiu,wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wking]

We're continuing to iterate on this, and there are several more pulls open for the CVO polishing accepted-risks stuff. I am fine with CI passing, and no further manual verification here.

/verified by @wking

[openshift-ci-robot]

@wking: This PR has been marked as verified by @wking.

Details

In response to this:

We're continuing to iterate on this, and there are several more pulls open for the CVO polishing accepted-risks stuff. I am fine with CI passing, and no further manual verification here.

/verified by @wking

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[hongkailiu]

/test e2e-agnostic-ovn-techpreview-serial

[openshift-ci]

@hongkailiu: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.