TLS curves configuration feature gate
Adds feature gate for TLS curves configuration in API config.
Enhancement PR: https://github.com/openshift/enhancements/pull/1894
Implementation PR: https://github.com/openshift/api/pull/2583
Walkthrough
Adds a new public feature gate FeatureGateTLSCurvesConfiguration to the feature gate declarations and updates documentation and multiple FeatureGate payload manifests to include the new gate. The gate is declared with name "TLSCurvesConfiguration", Jira component "Networking", contact "davidesalerno", product scope ocpSpecific, enhancement PR "https://github.com/openshift/enhancements/pull/1894", enableIn(configv1.DevPreviewNoUpgrade), and is registered via mustRegister(). Payload manifests mark it enabled in DevPreviewNoUpgrade variants and list it in disabled arrays for Default and TechPreviewNoUpgrade variants. features.md gains a corresponding row. No changes to control flow or error handling.
Changes
| Cohort / File(s) | Summary |
|---|---|
| Feature gate declaration & docs: features/features.go, features.md | Adds public FeatureGateTLSCurvesConfiguration to allFeatureGates with name "TLSCurvesConfiguration", Jira component "Networking", contact "davidesalerno", product scope ocpSpecific, enhancement PR "https://github.com/openshift/enhancements/pull/1894", enableIn(configv1.DevPreviewNoUpgrade), and mustRegister(). Adds a corresponding row in features.md. |
| Payload manifests - Hypershift variants: payload-manifests/featuregates/featureGate-Hypershift-Default.yaml, payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml, payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml | Inserts TLSCurvesConfiguration into Hypershift FeatureGate YAMLs: present in the enabled list for DevPreviewNoUpgrade; present in the disabled lists for Default and TechPreviewNoUpgrade. |
| Payload manifests - SelfManagedHA variants: payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml, payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml, payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml | Inserts TLSCurvesConfiguration into SelfManagedHA FeatureGate YAMLs: present in the enabled list for DevPreviewNoUpgrade; present in the disabled lists for Default and TechPreviewNoUpgrade. |
| CRD changes: payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml | Removes CEL-related fields and validations: the cel property and CEL enum option in TokenClaimValidationRule, associated x-kubernetes-validations, discoveryURL fields and validations across OIDC-related schema sections, and userValidationRules blocks. Adjusts required/type definitions accordingly. |
Estimated code review effort
Medium - verify metadata and placement across manifests, docs, and the CRD removals.
Pre-merge checks
Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | Passed | The title accurately describes the main change: adding a TLS curves configuration feature gate across multiple files. |
| Description check | Passed | The description is directly related to the changeset, explaining the purpose of adding a feature gate for TLS curves configuration with relevant enhancement PR reference. |
| Docstring Coverage | Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
[!WARNING] There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.
golangci-lint (2.5.0)
Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
Hello @richardsonnick! Some important instructions when contributing to openshift/api: API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.
Pipeline controller notification
This repository is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.
For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.
This repository is configured in: LGTM mode
@richardsonnick Looks like this may need a rebase and it looks like you are missing the generated file updates here.
Running PROTO_OPTIONAL=true make update should re-generate everything you need.
Rebased and updated generated files. Thanks for the review
Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-hypershift
/test e2e-aws-ovn-hypershift-conformance
/test e2e-aws-ovn-techpreview
/test e2e-aws-serial-1of2
/test e2e-aws-serial-2of2
/test e2e-aws-serial-techpreview-1of2
/test e2e-aws-serial-techpreview-2of2
/test e2e-azure
/test e2e-gcp
/test e2e-upgrade
/test e2e-upgrade-out-of-change
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: everettraven
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [everettraven]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
As discussed with @richardsonnick I need to verify if Jira component and contact person values are the right ones.
Should we also add some tests (see here)?
/hold
Tests are not required for new gates, only new fields. When you add the API, tests will be important.
New changes are detected. LGTM label has been removed.
Rebased + codegen
@richardsonnick Apologies, another rebase needed here as there's a conflict to resolve
@richardsonnick: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/e2e-aws-serial-techpreview-1of2 | b1e173ab8362153572fd5a5a2f3494cec9353413 | link | true | /test e2e-aws-serial-techpreview-1of2 |
| ci/prow/e2e-aws-serial-1of2 | b1e173ab8362153572fd5a5a2f3494cec9353413 | link | true | /test e2e-aws-serial-1of2 |
| ci/prow/e2e-aws-ovn-hypershift | b1e173ab8362153572fd5a5a2f3494cec9353413 | link | true | /test e2e-aws-ovn-hypershift |
/retest
rebase nuked some test. Fixing.
@davidesalerno @richardsonnick Are you happy with the component this gate is assigned to?
Is this actually superseded by https://github.com/openshift/api/pull/2583 ? I noticed it also adds the gate.