Skip to content

OCPBUGS-93785: fix(cpo): initialize nil resource requests map before applying overrides#8924

Open
hypershift-jira-solve-ci[bot] wants to merge 1 commit into
openshift:mainfrom
hypershift-community:fix-OCPBUGS-93785
Open

OCPBUGS-93785: fix(cpo): initialize nil resource requests map before applying overrides#8924
hypershift-jira-solve-ci[bot] wants to merge 1 commit into
openshift:mainfrom
hypershift-community:fix-OCPBUGS-93785

Conversation

@hypershift-jira-solve-ci

@hypershift-jira-solve-ci hypershift-jira-solve-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown

What this PR does / why we need it:

The applyRequestsOverrides function panics with "assignment to entry in nil map" when a resource-request-override annotation targets a container that has no existing Resources.Requests map. This adds a nil guard to initialize the map before calling maps.Copy, matching the pattern already used for Resources.Limits in applyNonOvercommitableResourceLimits.

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/OCPBUGS-93785

Special notes for your reviewer:

The fix follows the same nil-guard pattern already used for Resources.Limits in applyNonOvercommitableResourceLimits within the same file.

Checklist:

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via openshift-developer plugin


Note: This PR was auto-generated by the jira-agent periodic CI job in response to OCPBUGS-93785. See the full report for token usage, cost breakdown, and detailed phase output.

Summary by CodeRabbit

  • Bug Fixes
    • Improved handling of resource overrides when request settings were previously unset.
    • Ensures request values are applied correctly for both regular and init containers, including related limit settings where applicable.
    • Prevents override-processing failures by safely initializing missing request resource data.
    • Expanded automated test coverage for these scenarios, including mixed container/initContainer cases.

@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Jul 3, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@hypershift-jira-solve-ci[bot]: This pull request references Jira Issue OCPBUGS-93785, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (jiezhao@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

What this PR does / why we need it:

The applyRequestsOverrides function panics with "assignment to entry in nil map" when a resource-request-override annotation targets a container that has no existing Resources.Requests map. This adds a nil guard to initialize the map before calling maps.Copy, matching the pattern already used for Resources.Limits in applyNonOvercommitableResourceLimits.

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/OCPBUGS-93785

Special notes for your reviewer:

The fix follows the same nil-guard pattern already used for Resources.Limits in applyNonOvercommitableResourceLimits within the same file.

Checklist:

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via openshift-developer plugin

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot

Copy link
Copy Markdown

@hypershift-jira-solve-ci[bot]: This pull request references Jira Issue OCPBUGS-93785, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (jiezhao@redhat.com), skipping review request.

Details

In response to this:

What this PR does / why we need it:

The applyRequestsOverrides function panics with "assignment to entry in nil map" when a resource-request-override annotation targets a container that has no existing Resources.Requests map. This adds a nil guard to initialize the map before calling maps.Copy, matching the pattern already used for Resources.Limits in applyNonOvercommitableResourceLimits.

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/OCPBUGS-93785

Special notes for your reviewer:

The fix follows the same nil-guard pattern already used for Resources.Limits in applyNonOvercommitableResourceLimits within the same file.

Checklist:

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via openshift-developer plugin


Note: This PR was auto-generated by the jira-agent periodic CI job in response to OCPBUGS-93785. See the full report for token usage, cost breakdown, and detailed phase output.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 768ae40e-5cdd-49c6-b67d-9dc7470ed522

📥 Commits

Reviewing files that changed from the base of the PR and between d35c068 and cce5775.

📒 Files selected for processing (2)
  • support/controlplane-component/defaults.go
  • support/controlplane-component/defaults_test.go
🚧 Files skipped from review as they are similar to previous changes (1)
  • support/controlplane-component/defaults.go

📝 Walkthrough

Walkthrough

applyRequestsOverrides now initializes Resources.Requests to an empty corev1.ResourceList when it is nil for matching containers and init-containers before copying override values and applying non-overcommittable limits. TestApplyRequestsOverrides was extended with cases covering a container target, an init-container target, and a mixed scenario with nil and non-nil request maps.

Estimated code review effort: Medium

Suggested labels: bug, controlplane-component, needs-test

Suggested reviewers: (based on typical file ownership in this repository)

Poem:
A nil map lurked, a silent trap,
Till overrides tried to fill the gap.
Now Requests wakes with an empty hand,
Ready for CPU and memory to land.
Tests confirm the fix stands tall— 🐰
No more nil maps, none at all!

🚥 Pre-merge checks | ✅ 11
✅ Passed checks (11 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main fix: initializing a nil resource requests map before applying overrides.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All changed test names are static and descriptive; no dynamic pod/node/UUID/date values appear in titles.
Test Structure And Quality ✅ Passed New tests are pure table-driven unit tests, no cluster waits/resources, and they match existing repo style.
Topology-Aware Scheduling Compatibility ✅ Passed PASS — diff only initializes nil ResourceRequests before maps.Copy and adds tests; no scheduling, affinity, replica, nodeSelector, or PDB logic changed.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Not applicable: the PR only adds Go unit tests in defaults_test.go (t.Run/Gomega), with no Ginkgo e2e tests or IPv4/external-network assumptions found.
No-Weak-Crypto ✅ Passed Touched files only add nil-guarded resource map init and tests; no weak crypto, custom crypto, or secret comparisons found.
Container-Privileges ✅ Passed PR only changes Go logic/tests for resource-request overrides; no Kubernetes manifests or privilege/security-context fields were modified.
No-Sensitive-Data-In-Logs ✅ Passed Touched files only add nil-guards and unit tests; no new log statements or sensitive-data emission paths were introduced.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from jparrill and muraee July 3, 2026 15:26
@openshift-ci openshift-ci Bot added area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release and removed do-not-merge/needs-area labels Jul 3, 2026
@codecov

codecov Bot commented Jul 3, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.34%. Comparing base (488ef0e) to head (cce5775).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #8924      +/-   ##
==========================================
+ Coverage   43.28%   43.34%   +0.06%     
==========================================
  Files         771      771              
  Lines       95506    95538      +32     
==========================================
+ Hits        41335    41412      +77     
+ Misses      51287    51242      -45     
  Partials     2884     2884              
Files with missing lines Coverage Δ
support/controlplane-component/defaults.go 68.15% <100.00%> (+0.26%) ⬆️

... and 7 files with indirect coverage changes

Flag Coverage Δ
cmd-support 36.88% <100.00%> (+0.21%) ⬆️
cpo-hostedcontrolplane 45.31% <ø> (-0.01%) ⬇️
cpo-other 45.10% <ø> (ø)
hypershift-operator 53.58% <ø> (ø)
other 31.68% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

aroSwiftNICResource: resource.MustParse("1"),
},
},
},

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add another test case for mixing container/init-container and nil/non-nil resources

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. Added a test case that overrides across both containers and init-containers, mixing nil and non-nil resource requests in the same pod template spec.


AI-assisted response via Claude Code

@enxebre

enxebre commented Jul 3, 2026

Copy link
Copy Markdown
Member

/test address-review-comments

@hypershift-jira-solve-ci

Copy link
Copy Markdown
Author

Review agent triggered. View job

The applyRequestsOverrides function panics with "assignment to entry in
nil map" when a resource-request-override annotation targets a container
that has no existing Resources.Requests map. This adds a nil guard to
initialize the map before calling maps.Copy, matching the pattern already
used for Resources.Limits in applyNonOvercommitableResourceLimits.

Signed-off-by: OpenShift CI Bot <ci-bot@redhat.com>
@openshift-ci-robot

Copy link
Copy Markdown

@hypershift-jira-solve-ci[bot]: This pull request references Jira Issue OCPBUGS-93785, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (jiezhao@redhat.com), skipping review request.

Details

In response to this:

What this PR does / why we need it:

The applyRequestsOverrides function panics with "assignment to entry in nil map" when a resource-request-override annotation targets a container that has no existing Resources.Requests map. This adds a nil guard to initialize the map before calling maps.Copy, matching the pattern already used for Resources.Limits in applyNonOvercommitableResourceLimits.

Which issue(s) this PR fixes:

Fixes https://redhat.atlassian.net/browse/OCPBUGS-93785

Special notes for your reviewer:

The fix follows the same nil-guard pattern already used for Resources.Limits in applyNonOvercommitableResourceLimits within the same file.

Checklist:

  • Subject and description added to both, commit and PR.
  • Relevant issues have been referenced.
  • This change includes docs.
  • This change includes unit tests.

Always review AI generated responses prior to use.
Generated with Claude Code via openshift-developer plugin


Note: This PR was auto-generated by the jira-agent periodic CI job in response to OCPBUGS-93785. See the full report for token usage, cost breakdown, and detailed phase output.

Summary by CodeRabbit

  • Bug Fixes
  • Improved handling of resource overrides when request settings were previously unset.
  • Ensures request values are applied correctly for both regular and init containers, including related limit settings where applicable.
  • Prevents override-processing failures by safely initializing missing request resource data.
  • Expanded automated test coverage for these scenarios, including mixed container/initContainer cases.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@enxebre

enxebre commented Jul 3, 2026

Copy link
Copy Markdown
Member

/approve
/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 3, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aks
/test e2e-aws
/test e2e-aws-upgrade-hypershift-operator
/test e2e-azure-v2-self-managed
/test e2e-kubevirt-aws-ovn-reduced
/test e2e-v2-aws
/test e2e-v2-gke

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enxebre, hypershift-jira-solve-ci[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 3, 2026
@cwbotbot

cwbotbot commented Jul 3, 2026

Copy link
Copy Markdown

Test Results

e2e-aws

Failed Tests

Total failed tests: 2

  • TestCreateClusterRequestServingIsolation
  • TestCreateClusterRequestServingIsolation/Teardown

e2e-aks

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@hypershift-jira-solve-ci[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-azure-v2-self-managed cce5775 link true /test e2e-azure-v2-self-managed
ci/prow/e2e-aks cce5775 link true /test e2e-aks
ci/prow/e2e-aws cce5775 link true /test e2e-aws
ci/prow/e2e-aws-upgrade-hypershift-operator cce5775 link true /test e2e-aws-upgrade-hypershift-operator

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants