OCPBUGS-62445: prevent crash when rootDeviceHints format is invalid

[mhanss]

This PR adds validation for the --root-device-hint flag in the Create Node Image command.
Previously, providing an invalid format would cause the command to crash with a stack trace.

[openshift-ci-robot]

@mhanss: This pull request references Jira Issue OCPBUGS-62445, which is invalid:

• expected the bug to target the "4.21.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This PR adds validation for the --root-device-hint flag in the Create Node Image command.
Previously, providing an invalid format would cause the command to crash with a stack trace.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Adds input validation for the rootDeviceHints flag in the single-node path and introduces a corresponding negative test to ensure malformed values (not in key:value format) produce an error.

Changes

Cohort / File(s)	Summary
Implementation: rootDeviceHints validation pkg/cli/admin/nodeimage/create.go	Splits RootDeviceHints on ":" and returns an error unless exactly two parts are present; otherwise proceeds to populate rootDeviceHints as before.
Tests: invalid input case pkg/cli/admin/nodeimage/create_test.go	Adds a test case asserting that an improperly formatted RootDeviceHints ("/dev/sda") triggers the expected error path and message.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title clearly summarizes the primary change by stating the prevention of a crash when the rootDeviceHints flag format is invalid, which directly reflects the added validation logic in the pull request. It is concise, specific, and avoids extraneous details, making it easy for reviewers to understand the main purpose at a glance.
Description Check	✅ Passed	The description succinctly explains that the PR adds validation for the --root-device-hint flag in the Create Node Image command and notes the previous crash behavior, directly aligning with the changes in the code and tests. It is clearly related to the modifications and provides enough context for reviewers to grasp the intent without being overly generic.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

• Public repositories are always opted into early access features.
• You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

pkg/cli/admin/nodeimage/create.go (1)

636-640: Consider validating that both key and value are non-empty.

The current validation correctly checks for the presence of the ":" separator, but it doesn't prevent edge cases like:

• ":" → empty key and value
• ":value" → empty key
• "key:" → empty value

These would pass validation but create malformed rootDeviceHints entries.

Consider adding validation to ensure both parts are non-empty:

 	if o.SingleNodeOpts.RootDeviceHints != "" {
 		parts := strings.SplitN(o.SingleNodeOpts.RootDeviceHints, ":", 2)
 		if len(parts) != 2 {
 			return nil, fmt.Errorf("incorrect rootDeviceHints format provided: %s. Expected format: <hint name>:<value>, for example: deviceName:/dev/sda", o.SingleNodeOpts.RootDeviceHints)
 		}
+		if strings.TrimSpace(parts[0]) == "" || strings.TrimSpace(parts[1]) == "" {
+			return nil, fmt.Errorf("incorrect rootDeviceHints format provided: %s. Both hint name and value must be non-empty", o.SingleNodeOpts.RootDeviceHints)
+		}
 		host["rootDeviceHints"] = map[string]interface{}{
 			parts[0]: parts[1],
 		}
 	}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between a43ea28 and bd888e5.

📒 Files selected for processing (2)

• pkg/cli/admin/nodeimage/create.go (1 hunks)
• pkg/cli/admin/nodeimage/create_test.go (1 hunks)

🔇 Additional comments (1)

pkg/cli/admin/nodeimage/create_test.go (1)

665-671: LGTM! Test case correctly validates the error path.

The test case appropriately validates that an invalid rootDeviceHints format (missing the ":" separator) produces the expected error message. The test is well-isolated, only populating the RootDeviceHints field to ensure it specifically tests the format validation.

[andfasano]

In general we don't want to duplicate the node-joiner logic here, since the oc command must be as much as possible a simple wrapper. So, if there is an issue it must be fixed on the node-joiner side, and reuse the already existing workflow for reporting back the error to the user

[zaneb]

The format of the CLI arg is effectively already defined here (on the previous line) isn't it? And node-joiner uses a different format (proper yaml).

[andfasano]

That's perfectly right, I misread the original issue, this is an oc interface and not related to node-joiner

/approve

[mhanss]

/verified bypass
/jira refresh

[openshift-ci-robot]

@mhanss: This pull request references Jira Issue OCPBUGS-62445, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.21.0) matches configured target version for branch (4.21.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @mhanss

In response to this:

/verified bypass
/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@openshift-ci-robot: GitHub didn't allow me to request PR reviews from the following users: mhanss.

Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

@mhanss: This pull request references Jira Issue OCPBUGS-62445, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.21.0) matches configured target version for branch (4.21.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @mhanss

In response to this:

/verified bypass
/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[mhanss]

/retest

[mhanss]

/test e2e-aws-ovn-serial-2of2

[mhanss]

/verified bypass

[openshift-ci-robot]

@mhanss: The verified label has been added.

In response to this:

/verified bypass

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[bmanzari]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andfasano, bmanzari, mhanss

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• pkg/cli/admin/nodeimage/OWNERS [andfasano]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@mhanss: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	bd888e5	link	false	/test okd-scos-e2e-aws-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 6632635 and 2 for PR HEAD bd888e5 in total

[openshift-ci-robot]

@mhanss: Jira Issue Verification Checks: Jira Issue OCPBUGS-62445
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-62445 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

In response to this:

This PR adds validation for the --root-device-hint flag in the Create Node Image command.
Previously, providing an invalid format would cause the command to crash with a stack trace.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-merge-robot]

Fix included in accepted release 4.21.0-0.nightly-2025-10-07-102242