CNTRLPLANE-2781: Document valid character sets and add validation for Azure Marketplace image fields

[hypershift-jira-solve-ci]

What this PR does / why we need it:

Documents the valid character sets for Azure Marketplace image fields (offer, publisher, sku, imageID) and adds kubebuilder validation for the offer field.

Previously, these API fields had TODO comments instead of proper documentation. This PR:

• Replaces TODO comments with comprehensive documentation including expected formats, valid character sets, and concrete examples
• Adds a kubebuilder validation pattern for the offer field enforcing valid Azure Marketplace characters (alphanumeric, hyphens, underscores, periods)
• Links to relevant Microsoft Learn documentation for each field
• Regenerates CRDs, vendor, and API reference docs to reflect the changes
• Fixes minor whitespace alignment in the karpenter ARM64 e2e test

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/CNTRLPLANE-2781

Special notes for your reviewer:

The validation pattern ^[a-zA-Z0-9._-]+$ for the offer field matches the character set accepted by Azure Marketplace. Other fields (publisher, sku) were documented but not given validation patterns since their constraints may vary — this can be added in a follow-up if desired.

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via /jira:solve [CNTRLPLANE-2781](https://redhat.atlassian.net/browse/CNTRLPLANE-2781)

---

Note: This PR was auto-generated by the jira-agent periodic CI job in response to CNTRLPLANE-2781. See the full report for token usage, cost breakdown, and detailed phase output.

Summary by CodeRabbit

• Documentation
  • Clarified Azure VM image configuration: explicit formats, examples, allowed characters, and length constraints for marketplace/managed/gallery image identifiers; added reference links for locating publisher, offer, and SKU values.
• Tests
  • Minor whitespace/formatting alignment change in an ARM64 provisioning test; no behavioral changes.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2781 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

What this PR does / why we need it:

Documents the valid character sets for Azure Marketplace image fields (offer, publisher, sku, imageID) and adds kubebuilder validation for the offer field.

Previously, these API fields had TODO comments instead of proper documentation. This PR:

• Replaces TODO comments with comprehensive documentation including expected formats, valid character sets, and concrete examples
• Adds a kubebuilder validation pattern for the offer field enforcing valid Azure Marketplace characters (alphanumeric, hyphens, underscores, periods)
• Links to relevant Microsoft Learn documentation for each field
• Regenerates CRDs, vendor, and API reference docs to reflect the changes
• Fixes minor whitespace alignment in the karpenter ARM64 e2e test

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/CNTRLPLANE-2781

Special notes for your reviewer:

The validation pattern ^[a-zA-Z0-9._-]+$ for the offer field matches the character set accepted by Azure Marketplace. Other fields (publisher, sku) were documented but not given validation patterns since their constraints may vary — this can be added in a follow-up if desired.

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via /jira:solve [CNTRLPLANE-2781](https://redhat.atlassian.net/browse/CNTRLPLANE-2781)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2781 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

What this PR does / why we need it:

Documents the valid character sets for Azure Marketplace image fields (offer, publisher, sku, imageID) and adds kubebuilder validation for the offer field.

Previously, these API fields had TODO comments instead of proper documentation. This PR:

• Replaces TODO comments with comprehensive documentation including expected formats, valid character sets, and concrete examples
• Adds a kubebuilder validation pattern for the offer field enforcing valid Azure Marketplace characters (alphanumeric, hyphens, underscores, periods)
• Links to relevant Microsoft Learn documentation for each field
• Regenerates CRDs, vendor, and API reference docs to reflect the changes
• Fixes minor whitespace alignment in the karpenter ARM64 e2e test

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/CNTRLPLANE-2781

Special notes for your reviewer:

The validation pattern ^[a-zA-Z0-9._-]+$ for the offer field matches the character set accepted by Azure Marketplace. Other fields (publisher, sku) were documented but not given validation patterns since their constraints may vary — this can be added in a follow-up if desired.

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via /jira:solve [CNTRLPLANE-2781](https://redhat.atlassian.net/browse/CNTRLPLANE-2781)

---

Note: This PR was auto-generated by the jira-agent periodic CI job in response to CNTRLPLANE-2781. See the full report for token usage, cost breakdown, and detailed phase output.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2781 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

What this PR does / why we need it:

Documents the valid character sets for Azure Marketplace image fields (offer, publisher, sku, imageID) and adds kubebuilder validation for the offer field.

Previously, these API fields had TODO comments instead of proper documentation. This PR:

• Replaces TODO comments with comprehensive documentation including expected formats, valid character sets, and concrete examples
• Adds a kubebuilder validation pattern for the offer field enforcing valid Azure Marketplace characters (alphanumeric, hyphens, underscores, periods)
• Links to relevant Microsoft Learn documentation for each field
• Regenerates CRDs, vendor, and API reference docs to reflect the changes
• Fixes minor whitespace alignment in the karpenter ARM64 e2e test

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/CNTRLPLANE-2781

Special notes for your reviewer:

The validation pattern ^[a-zA-Z0-9._-]+$ for the offer field matches the character set accepted by Azure Marketplace. Other fields (publisher, sku) were documented but not given validation patterns since their constraints may vary — this can be added in a follow-up if desired.

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via /jira:solve [CNTRLPLANE-2781](https://redhat.atlassian.net/browse/CNTRLPLANE-2781)

---

Note: This PR was auto-generated by the jira-agent periodic CI job in response to CNTRLPLANE-2781. See the full report for token usage, cost breakdown, and detailed phase output.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: 6aa42c27-43b9-4134-9d70-f3052e53df66

📥 Commits

Reviewing files that changed from the base of the PR and between 1fd2eaf and e1f918c.

⛔ Files ignored due to path filters (8)

• api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/nodepools.hypershift.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/nodepools.hypershift.openshift.io/GCPPlatform.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/nodepools.hypershift.openshift.io/OpenStack.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• cmd/install/assets/crds/hypershift-operator/tests/nodepools.hypershift.openshift.io/stable.nodepools.azure.testsuite.yaml is excluded by !cmd/install/assets/**/*.yaml
• cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/nodepools-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
• cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/nodepools-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
• cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/nodepools-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
• vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/azure.go is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (1)

• api/hypershift/v1beta1/azure.go

🚧 Files skipped from review as they are similar to previous changes (1)

• api/hypershift/v1beta1/azure.go

---

📝 Walkthrough

Walkthrough

This PR updates field documentation and validation for Azure image selection in api/hypershift/v1beta1/azure.go: it clarifies AzureVMImage.ImageID as an Azure resource ID (with examples), expands AzureMarketplaceImage.Publisher docs and allowed characters, specifies format and adds a kubebuilder XValidation rule for AzureMarketplaceImage.Offer (must match ^[a-zA-Z0-9][a-zA-Z0-9._-]*$), and documents AzureMarketplaceImage.SKU length/characters. In test/e2e/karpenter_test.go, only whitespace/indentation in the armNodeLabels map was adjusted.

🚥 Pre-merge checks | ✅ 9 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (9 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately describes the main changes: documenting valid character sets and adding validation for Azure Marketplace image fields, which is the primary focus of the changeset.
Stable And Deterministic Test Names	✅ Passed	The PR introduces a new test file using standard Go testing framework, not Ginkgo. No Ginkgo test patterns that could contain dynamic test names are introduced or modified.
Test Structure And Quality	✅ Passed	Custom check requests review of Ginkgo test code quality, but PR's only test file modification is in test/e2e/karpenter_test.go using standard Go testing with t.Run() pattern, not Ginkgo. The sole change is whitespace alignment with no test logic modifications.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR; only whitespace changes to existing test code.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this pull request. Only whitespace/indentation formatting changes were made to existing test functions.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only API field documentation and kubebuilder validation rules, not deployment manifests, operator code, or scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	No stdout contract violations detected. Modified files contain only API definitions and test case changes with no process-level stdout writes.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR. Only whitespace alignment changes to existing test code.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2781 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

What this PR does / why we need it:

Documents the valid character sets for Azure Marketplace image fields (offer, publisher, sku, imageID) and adds kubebuilder validation for the offer field.

Previously, these API fields had TODO comments instead of proper documentation. This PR:

• Replaces TODO comments with comprehensive documentation including expected formats, valid character sets, and concrete examples
• Adds a kubebuilder validation pattern for the offer field enforcing valid Azure Marketplace characters (alphanumeric, hyphens, underscores, periods)
• Links to relevant Microsoft Learn documentation for each field
• Regenerates CRDs, vendor, and API reference docs to reflect the changes
• Fixes minor whitespace alignment in the karpenter ARM64 e2e test

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/CNTRLPLANE-2781

Special notes for your reviewer:

The validation pattern ^[a-zA-Z0-9._-]+$ for the offer field matches the character set accepted by Azure Marketplace. Other fields (publisher, sku) were documented but not given validation patterns since their constraints may vary — this can be added in a follow-up if desired.

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via /jira:solve [CNTRLPLANE-2781](https://redhat.atlassian.net/browse/CNTRLPLANE-2781)

---

Note: This PR was auto-generated by the jira-agent periodic CI job in response to CNTRLPLANE-2781. See the full report for token usage, cost breakdown, and detailed phase output.

Summary by CodeRabbit

Release Notes

• Documentation
• Enhanced Azure virtual machine image configuration documentation with clarified resource ID formats, examples for managed images and Compute Gallery versions, and expanded guidance on marketplace image parameters including publisher, offer, and SKU specifications.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@api/hypershift/v1beta1/azure.go`:
- Around line 174-176: The publisher examples in the azure.go comment contradict
the lowercase-only validation (regex ^[a-z0-9][a-z0-9-_]{2,49}$) — replace the
mixed-case examples "Canonical" and "RedHat" with lowercase-valid examples
(e.g., "canonical", "redhat") so the examples match the enforced rule; update
the comment near the publisher description/regex in azure.go accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: ad6816d4-78e6-4a0c-a1c0-11173828cb9a

📥 Commits

Reviewing files that changed from the base of the PR and between 5ca6794 and c1239e4.

⛔ Files ignored due to path filters (9)

• api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/nodepools.hypershift.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/nodepools.hypershift.openshift.io/GCPPlatform.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/nodepools.hypershift.openshift.io/OpenStack.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/nodepools-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
• cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/nodepools-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
• cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/nodepools-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/**, !cmd/install/assets/**/*.yaml
• docs/content/reference/aggregated-docs.md is excluded by !docs/content/reference/aggregated-docs.md
• docs/content/reference/api.md is excluded by !docs/content/reference/api.md
• vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/azure.go is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (2)

• api/hypershift/v1beta1/azure.go
• test/e2e/karpenter_test.go

[openshift-ci-robot]

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2781 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

What this PR does / why we need it:

Documents the valid character sets for Azure Marketplace image fields (offer, publisher, sku, imageID) and adds kubebuilder validation for the offer field.

Previously, these API fields had TODO comments instead of proper documentation. This PR:

• Replaces TODO comments with comprehensive documentation including expected formats, valid character sets, and concrete examples
• Adds a kubebuilder validation pattern for the offer field enforcing valid Azure Marketplace characters (alphanumeric, hyphens, underscores, periods)
• Links to relevant Microsoft Learn documentation for each field
• Regenerates CRDs, vendor, and API reference docs to reflect the changes
• Fixes minor whitespace alignment in the karpenter ARM64 e2e test

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/CNTRLPLANE-2781

Special notes for your reviewer:

The validation pattern ^[a-zA-Z0-9._-]+$ for the offer field matches the character set accepted by Azure Marketplace. Other fields (publisher, sku) were documented but not given validation patterns since their constraints may vary — this can be added in a follow-up if desired.

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via /jira:solve [CNTRLPLANE-2781](https://redhat.atlassian.net/browse/CNTRLPLANE-2781)

---

Note: This PR was auto-generated by the jira-agent periodic CI job in response to CNTRLPLANE-2781. See the full report for token usage, cost breakdown, and detailed phase output.

Summary by CodeRabbit

• Documentation
• Clarified Azure VM image fields with explicit formats, concrete examples, and links for marketplace, managed image, and gallery version lookups; specified allowed characters and length constraints for publisher, offer, and SKU.
• Tests
• Non-functional whitespace/formatting alignment in an ARM64 provisioning test; no behavioral changes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 35.61%. Comparing base (5ca6794) to head (e1f918c).
⚠️ Report is 66 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8223      +/-   ##
==========================================
+ Coverage   34.63%   35.61%   +0.98%     
==========================================
  Files         767      767              
  Lines       93186    93333     +147     
==========================================
+ Hits        32277    33245     +968     
+ Misses      58236    57399     -837     
- Partials     2673     2689      +16     

see 59 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[hypershift-jira-solve-ci]

@coderabbitai Thanks for the review. The publisher examples have already been updated to lowercase-valid values ("azureopenshift", "canonical", "redhat") in commit 1276b77, consistent with the ^[a-z0-9][a-z0-9-_]{2,49}$ validation pattern. No further changes needed.

---

AI-assisted response via Claude Code

[everettraven]

Is this essentially a duplicate of #8211 ?

[hypershift-jira-solve-ci]

@everettraven Yes, there is significant overlap. Both PRs address the same TODO comments on the AzureMarketplaceImage struct fields (publisher, offer, sku), and both add a kubebuilder validation pattern for the offer field. They were generated from two separate but closely related Jira tickets (CNTRLPLANE-2781 for this PR vs CNTRLPLANE-2782 for #8211).

Key differences:

	This PR (#8223)	#8211
imageID docs	✅ Adds resource ID format examples and MS Learn link	❌ Not touched
offer regex	^[a-zA-Z0-9][a-zA-Z0-9._-]*$	^[a-zA-Z0-9]([a-zA-Z0-9-_.]*[a-zA-Z0-9])?$ (also requires ending alphanumeric)
publisher regex	Unchanged	Changed to ^[a-z0-9][a-z0-9-_]*[a-z0-9]$ (adds end-char constraint)
Doc style	Links to Microsoft Learn docs	References Azure CLI commands
Other	Includes karpenter test whitespace fix	—

These will conflict if both are merged. They should be reconciled — either close one in favor of the other, or merge the best parts of both into a single PR.

---

AI-assisted response via Claude Code

[hypershift-jira-solve-ci]

Re: review PRR_kwDOE7ekcc70eIzd

@coderabbitai Good catch on the mixed-case publisher examples. The Go source (api/hypershift/v1beta1/azure.go:174) already uses lowercase-valid examples ("azureopenshift", "canonical", "redhat"), consistent with the ^[a-z0-9][a-z0-9-_]{2,49}$ validation pattern. The issue was that the generated docs (api.md and aggregated-docs.md) had been committed with mixed-case examples ("Canonical", "RedHat") instead of being properly regenerated from the Go source. Fixed by re-running make api-docs docs-aggregate — the docs now correctly reflect the lowercase examples.

---

AI-assisted response via Claude Code

[openshift-ci-robot]

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2781 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

What this PR does / why we need it:

Documents the valid character sets for Azure Marketplace image fields (offer, publisher, sku, imageID) and adds kubebuilder validation for the offer field.

Previously, these API fields had TODO comments instead of proper documentation. This PR:

• Replaces TODO comments with comprehensive documentation including expected formats, valid character sets, and concrete examples
• Adds a kubebuilder validation pattern for the offer field enforcing valid Azure Marketplace characters (alphanumeric, hyphens, underscores, periods)
• Links to relevant Microsoft Learn documentation for each field
• Regenerates CRDs, vendor, and API reference docs to reflect the changes
• Fixes minor whitespace alignment in the karpenter ARM64 e2e test

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/CNTRLPLANE-2781

Special notes for your reviewer:

The validation pattern ^[a-zA-Z0-9._-]+$ for the offer field matches the character set accepted by Azure Marketplace. Other fields (publisher, sku) were documented but not given validation patterns since their constraints may vary — this can be added in a follow-up if desired.

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via /jira:solve [CNTRLPLANE-2781](https://redhat.atlassian.net/browse/CNTRLPLANE-2781)

---

Note: This PR was auto-generated by the jira-agent periodic CI job in response to CNTRLPLANE-2781. See the full report for token usage, cost breakdown, and detailed phase output.

Summary by CodeRabbit

• Documentation
• Clarified Azure VM image fields with explicit formats, examples, and links for marketplace, managed image, and gallery lookups; specified allowed characters and length constraints for publisher, offer, and SKU.
• Tests
• Whitespace/formatting alignment change in an ARM64 provisioning test; no behavioral changes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[enxebre]

is there a canonical source to API rather than CLI?

[hypershift-jira-solve-ci]

The closest canonical API source is the Azure Compute REST API reference for Virtual Machine Images:
https://learn.microsoft.com/en-us/rest/api/compute/virtual-machine-images

With specific operations for each field:

• List Publishers: https://learn.microsoft.com/en-us/rest/api/compute/virtual-machine-images/list-publishers
• List Offers: https://learn.microsoft.com/en-us/rest/api/compute/virtual-machine-images/list-offers
• List SKUs: https://learn.microsoft.com/en-us/rest/api/compute/virtual-machine-images/list-skus

However, the REST API docs don't document the character set constraints explicitly — those come from the Partner Center docs for publishers creating offers (e.g., https://learn.microsoft.com/en-us/partner-center/marketplace-offers/azure-vm-offer-setup). The CLI page currently linked is arguably the most user-friendly consumer-facing reference for finding valid values.

Happy to update the links to the REST API reference or the Partner Center docs — let me know which you'd prefer.

---

AI-assisted response via Claude Code

[enxebre]

please use // +kubebuilder:validation:XValidation:rule="self.matches and add an envtest to validate this

[hypershift-jira-solve-ci]

Done. Replaced +kubebuilder:validation:Pattern with +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9][a-zA-Z0-9._-]*$')" for the offer field, consistent with the pattern used elsewhere in the codebase (e.g., GCP project IDs in gcp.go, Azure client IDs in azure.go).

Added three envtest cases to stable.nodepools.azure.testsuite.yaml:

• Rejects offer with invalid characters (spaces, !)
• Rejects offer starting with a hyphen
• Accepts offer with valid mixed characters (alphanumeric, hyphens, underscores, periods)

Regenerated CRDs and vendor.

---

AI-assisted response via Claude Code

[enxebre]

/test address-review-comments

[openshift-ci-robot]

@hypershift-jira-solve-ci[bot]: This pull request references CNTRLPLANE-2781 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

What this PR does / why we need it:

Documents the valid character sets for Azure Marketplace image fields (offer, publisher, sku, imageID) and adds kubebuilder validation for the offer field.

Previously, these API fields had TODO comments instead of proper documentation. This PR:

• Replaces TODO comments with comprehensive documentation including expected formats, valid character sets, and concrete examples
• Adds a kubebuilder validation pattern for the offer field enforcing valid Azure Marketplace characters (alphanumeric, hyphens, underscores, periods)
• Links to relevant Microsoft Learn documentation for each field
• Regenerates CRDs, vendor, and API reference docs to reflect the changes
• Fixes minor whitespace alignment in the karpenter ARM64 e2e test

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/CNTRLPLANE-2781

Special notes for your reviewer:

The validation pattern ^[a-zA-Z0-9._-]+$ for the offer field matches the character set accepted by Azure Marketplace. Other fields (publisher, sku) were documented but not given validation patterns since their constraints may vary — this can be added in a follow-up if desired.

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via /jira:solve [CNTRLPLANE-2781](https://redhat.atlassian.net/browse/CNTRLPLANE-2781)

---

Note: This PR was auto-generated by the jira-agent periodic CI job in response to CNTRLPLANE-2781. See the full report for token usage, cost breakdown, and detailed phase output.

Summary by CodeRabbit

• Documentation
• Clarified Azure VM image configuration: explicit formats, examples, allowed characters, and length constraints for marketplace/managed/gallery image identifiers; added reference links for locating publisher, offer, and SKU values.
• Tests
• Minor whitespace/formatting alignment change in an ARM64 provisioning test; no behavioral changes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[bryan-cox]

/retest

[hypershift-jira-solve-ci]

Both agents converged on the same root cause. Here is the final report:

Test Failure Analysis Complete

Job Information

• Prow Job: Red Hat Konflux / hypershift-operator-main-enterprise-contract & hypershift-operator-enterprise-contract
• Build ID: Check runs 71654272979 and 71654271521
• PR: CNTRLPLANE-2781: Document valid character sets and add validation for Azure Marketplace image fields #8223 (CNTRLPLANE-2781)
• Commit: e1f918c46bd00ff67c7a0a0cfbc68307bb147f92
• Pipeline Namespace: crt-redhat-acm-tenant
• Snapshot: hypershift-operator-20260416-135820-000

Test Failure Analysis

Error

Enterprise Contract verify task: 242 successes, 38 warnings, 2 failures

Rule violated: test.no_erred_tests (collection: redhat)
  "No tests erred — Produces a violation if any tests in the build pipeline have their result set to ERROR"

Failing build task: sast-snyk-check-oci-ta

Snyk CLI error:
  ERROR   Unspecified Error (SNYK-CLI-0000)
  error running analysis...: Get "https://api.snyk.io/hidden/orgs/26d61549-7b9f-4fa1-9809-
  7302aad748ab/tests/2424d7a6-9a06-447c-891d-28a3dd70f42a?version=2024-12-21":
  net/http: TLS handshake timeout

Summary

Both Enterprise Contract checks failed because the Snyk SAST scanner (sast-snyk-check-oci-ta) encountered a TLS handshake timeout connecting to api.snyk.io during the Konflux build pipeline. The Snyk task set its TEST_OUTPUT result to ERROR, which the Enterprise Contract test.no_erred_tests deny rule correctly flagged as a policy violation. This is a transient Snyk infrastructure connectivity issue completely unrelated to the PR's code changes (Azure Marketplace image field validation and documentation).

Root Cause

The Snyk CLI, running as part of the sast-snyk-check-oci-ta Tekton task in the Konflux build pipeline, failed to establish a TLS connection to the Snyk API at api.snyk.io. The specific error is net/http: TLS handshake timeout, indicating a network-level connectivity issue between the Konflux build infrastructure and Snyk's API servers.

The Snyk task itself completed as a Tekton task (exit code 0) but set its TEST_OUTPUT result to {"result":"ERROR", "note":"Task sast-snyk-check-oci-ta failed: For details, check Tekton task log."}. The Enterprise Contract verification pipeline then evaluated this result against the test.no_erred_tests policy rule, which produces a deny when any build task has an ERROR result. This triggered 2 failures (one per image variant: amd64 and multi-arch index).

Comparison with other PRs confirms this is transient:

• Main branch (5ca6794): EC passed with 488 successes, 0 failures
• PR CNTRLPLANE-2835: Drop HCPEtcdBackup feature gate for GA promotion #8259: EC passed with 244 successes, 0 failures
• PR OCPBUGS-83328: fix skipProxyForKAS to use standard NO_PROXY matching #8254: EC passed with 244 successes, 0 failures
• PR CNTRLPLANE-2781: Document valid character sets and add validation for Azure Marketplace image fields #8223 (this PR): EC failed with 242 successes, 2 failures — only difference is the Snyk ERROR

All other build tasks (clair-scan, clamav-scan, sast-unicode-check, rpms-signature-scan, deprecated-base-image-check) passed identically across all PRs. The 38 warnings (sast-shell-check, coverity-availability-check, trusted_task.current) are informative-only and also identical across PRs.

Recommendations

1. Re-run the Konflux build pipeline — This is a transient Snyk API connectivity issue. Retriggering the pipeline (e.g., by pushing an empty commit or using the Konflux UI to re-run) should produce a successful sast-snyk-check result and pass Enterprise Contract.

2. No code changes needed — The PR's changes (adding x-kubernetes-validations CEL rules and documentation for Azure Marketplace image fields) have no relationship to the Snyk SAST scanner failure.

3. If re-run also fails — Escalate to the Konflux/HACBS team to check Snyk API connectivity from the build cluster (stone-prd-rh01). The TLS timeout may indicate a broader network or proxy issue on that cluster.

Evidence

Evidence	Detail
Failed EC rule	test.no_erred_tests (collection: redhat) — denies when any build task result is ERROR
Failing build task	sast-snyk-check-oci-ta in pipeline hypershift-operator-main-on-pull-request-bjt5t
Snyk error	net/http: TLS handshake timeout connecting to api.snyk.io
Affected images	quay.io/redhat-user-workloads/crt-redhat-acm-tenant/hypershift-operator/hypershift-operator-main (sha256:c04a4f… amd64, sha256:bea7bf… multi-arch)
EC verify result	242 successes, 38 warnings, 2 failures
Comparison: main branch	488 successes, 52 warnings, 0 failures — Snyk passed
Comparison: PR #8259	244 successes, 38 warnings, 0 failures — Snyk passed
EC pipeline runs	hypershift-operator-main-enterprise-contract-ptcpp, hypershift-operator-enterprise-contract-4sdxs
Pipeline namespace	crt-redhat-acm-tenant
Failure is transient	Identical PR code passes EC on other recent commits; only variable is Snyk connectivity

---

[cblecker]

/uncc

[enxebre]

/retest
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enxebre, hypershift-jira-solve-ci[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [enxebre]
• api/OWNERS [enxebre]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[enxebre]

PTAL @everettraven

/label tide/merge-method-squash

[everettraven]

@enxebre Would it make sense to consolidate this PR and #8211 into a single PR?

It looks like there is significant overlap and I've already left a handful of comments on #8211.

Happy to also review this as-is if that is preferred

[hypershift-jira-solve-ci]

Re: #8223 (comment)

@everettraven Good question — there is significant overlap, but also some meaningful differences between the two PRs that may be worth considering:

Overlap: Both PRs resolve the same TODO comments on the publisher, offer, and sku fields in AzureMarketplaceImage.

Key differences:

Aspect	This PR (#8223)	#8211
Scope	Documents imageID field + publisher/offer/sku	Only publisher/offer/sku
Offer validation	Uses XValidation (CEL: self.matches(...))	Uses kubebuilder:validation:Pattern
Publisher pattern	Keeps existing regex (^[a-z0-9][a-z0-9-_]{2,49}$)	Changes regex to require alphanumeric end char
Documentation style	Links to Microsoft Learn docs	Includes az CLI commands
Extra changes	Fixes test whitespace in karpenter e2e test	None

Consolidating into a single PR would make sense to avoid merge conflicts on the same lines. The decision on which approach to keep (XValidation vs Pattern for offer, whether to change the publisher regex) is best made by the maintainers.

---

AI-assisted response via Claude Code

[hypershift-jira-solve-ci]

Re: #8223 (comment)

@everettraven Good question — there is definite overlap, but also some meaningful differences between the two PRs:

	#8223 (this PR, CNTRLPLANE-2781)	#8211 (CNTRLPLANE-2782)
offer validation	Uses XValidation with self.matches() (CEL)	Uses kubebuilder Pattern regex annotation
publisher regex	Keeps existing pattern unchanged	Changes pattern to also require ending with alphanumeric
imageID docs	✅ Adds format docs, examples, and Microsoft Learn link	Not modified
Documentation style	Microsoft Learn links	Azure CLI commands (az vm image list-*)

Both resolve the same TODO comments on publisher, offer, and sku, so they do conflict on api/hypershift/v1beta1/azure.go.

Since @enxebre has already approved this PR, happy to defer to you both on whether to consolidate or proceed with this one as-is. Either approach works — if proceeding separately, whichever merges second would need a rebase to resolve the azure.go conflicts.

---

AI-assisted response via Claude Code