OPRUN-4544,OPRUN-4542: add lifecycle-controller for managing catalog lifecycle pods

[perdasilva]

Summary

• Introduces a lifecycle-controller that watches CatalogSources and manages per-catalog lifecycle-server deployments
• For each matching CatalogSource with a running pod, the controller creates a Deployment, ServiceAccount, Service, and NetworkPolicy using server-side apply
• Maintains a shared ClusterRoleBinding across all lifecycle-server instances
• Watches the OpenShift APIServer TLS security profile and triggers rolling restarts of lifecycle-server deployments when it changes
• Includes RBAC, Deployment, Service, NetworkPolicy manifests gated behind TechPreviewNoUpgrade
• Depends on OPRUN-4541,OPRUN-4544: add lifecycle-server for serving FBC catalog lifecycle metadata #1284 (lifecycle-server)

Commits

1. feat: add lifecycle-controller for managing catalog lifecycle pods — controller code, manifests, unit tests, vendor
2. UPSTREAM: <carry>: add e2e tests for lifecycle-controller and lifecycle-server — e2e tests and test catalog images (staging/ changes)

Key Components

• cmd/lifecycle-controller/ — CLI entrypoint with TLS profile watching, leader election, metrics serving with authn/authz, health/readiness probes
• pkg/lifecycle-controller/controller.go — SSA-based reconciler: creates/updates/deletes lifecycle-server resources per CatalogSource, manages shared ClusterRoleBinding
• pkg/lifecycle-controller/tls.go — Thread-safe TLS config provider that dynamically updates when the cluster TLS profile changes
• manifests/ and microshift-manifests/ — Deployment, RBAC, Service, NetworkPolicy manifests

E2E Tests

• Test catalog images at quay.io/olmtest/lifecycle-catalog:v1 and quay.io/olmtest/lifecycle-catalog-no-lifecycle:v1
• Lifecycle Controller tests (downstream_lifecycle_controller_test.go):
  • Resource creation (Deployment, Service, SA, NetworkPolicy, CRB)
  • Cleanup on CatalogSource deletion
  • Independent resources for multiple CatalogSources
  • Resources created for catalogs without lifecycle data
• Lifecycle Server tests (downstream_lifecycle_server_test.go):
  • API happy path: known package returns 200 + JSON
  • Unknown package/version returns 404
  • No lifecycle data returns 503
  • Health/readiness endpoints return 200
  • Unauthenticated requests rejected (401/403)

Test plan

• Unit tests for resource name generation, reconciliation lifecycle, CRB management, deployment spec, TLS provider
• E2E tests for controller resource management and server API/health/security
• go build ./cmd/lifecycle-controller/... succeeds
• go test ./pkg/lifecycle-controller/... passes
• go build -tags e2e ./staging/operator-lifecycle-manager/test/e2e/... compiles
• go mod verify clean

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features
  • Controller now auto-provisions and manages per-catalog lifecycle-server deployments and services; server exposes HTTPS API plus health/readiness endpoints and metrics.
• Security & Hardening
  • TLS with runtime certificate reload and configurable profiles, hardened pod security contexts, NetworkPolicies, and tightened RBAC for controller & server.
• Build & Packaging
  • Runtime image now includes both controller and server binaries; manifests and generation scripts updated to include new components.
• Tests
  • Extensive unit, integration, and E2E tests added for controller, server, TLS, and FBC handling.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a lifecycle-controller and lifecycle-server: new CLIs and managers, a controller that watches CatalogSources and provisions per-catalog lifecycle-server workloads, a lifecycle-server that indexes/serves FBC lifecycle JSON, TLS/profile support, manifests, RBAC, build wiring, and extensive unit and E2E tests.

Changes

Lifecycle controller + lifecycle server feature

Layer / File(s)	Summary
Data Shape & Indexing pkg/lifecycle-server/fbc.go	Adds LifecycleIndex and LoadLifecycleData to walk FBC JSON blobs, index by schema version and package, and helpers CountBlobs/CountPackages/ListVersions.
Core Server Handlers pkg/lifecycle-server/server.go	Adds NewHandler and NewHealthHandler serving /api/{version}/lifecycles/{package} and /healthz,/readyz using LifecycleIndex.
Server FBC Tests pkg/lifecycle-server/fbc_test.go, pkg/lifecycle-server/server_test.go	Comprehensive tests for schema regex, LoadLifecycleData behaviors, indexing helpers, routing, concurrency, and byte-for-byte blob retention.
Controller Core Logic pkg/lifecycle-controller/controller.go	Adds LifecycleServerReconciler: match CatalogSources, select catalog pod (image digest/node), build/apply per-catalog ServiceAccount/Service/Deployment/NetworkPolicy, manage shared ClusterRoleBinding subjects, and cleanup logic; label/selector predicates and mapping helpers.
Controller Unit & Integration Tests pkg/lifecycle-controller/controller_test.go	Large test suite covering name hashing, image digest extraction, affinity, builders (Service/SA/Deployment/NetworkPolicy), reconcile flows (create, update, cleanup), ClusterRoleBinding behavior, event predicates, and error propagation.
TLS Provider pkg/lifecycle-controller/tls.go, pkg/lifecycle-controller/tls_test.go	Adds concurrency-safe TLSConfigProvider with Get/UpdateProfile, cloned tls.Config returns, GetCertificate callback wiring, and concurrency tests.
Controller CLI & Manager cmd/lifecycle-controller/main.go, cmd/lifecycle-controller/start.go, cmd/lifecycle-controller/util.go	New Cobra CLI and start logic: parse flags, build manager with secure metrics using TLSConfigProvider, scoped cache, optional TLSProfile watcher, and register LifecycleServerReconciler; scheme and catalog-pod selector helpers.
Server CLI & Runtime cmd/lifecycle-server/main.go, cmd/lifecycle-server/start.go	New Cobra CLI and start logic: parse FBC path and TLS flags, dynamic cert reloading, build authn/authz filter, load lifecycle data, run HTTPS API and plain health servers with graceful context shutdown.
Build & Module Wiring Makefile, go.mod, operator-lifecycle-manager.Dockerfile	Adds LIFECYCLE_CONTROLLER_CMD/LIFECYCLE_SERVER_CMD build targets in Makefile; go.mod dependency updates and replace directive; Dockerfile copies both runtime binaries into image.
Manifest Generation & Kustomize scripts/generate_crds_manifests.sh, microshift-manifests/kustomization.yaml	Extend manifest generator and microshift kustomization to include lifecycle-controller/server artifacts.
Kubernetes Manifests manifests/0000_50_olm_08-lifecycle-controller.*, manifests/0000_50_olm_09-lifecycle-server.rbac.yaml, microshift-manifests/...	Adds lifecycle-controller Deployment, Service, NetworkPolicy, ClusterRole/ClusterRoleBinding/ServiceAccount, and lifecycle-server ClusterRole for kube-rbac-proxy token/subjectaccessreviews; microshift variants included.
E2E Tests & Test Images staging/operator-lifecycle-manager/test/e2e/*, staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/*, pkg/lifecycle-controller/TODO.md	Adds Ginkgo E2E suites for controller and server verification (reconciliation, API responses, health, auth behavior), test image Dockerfiles, catalogs, build helper script, and E2E TODO checklist.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant CatalogSource as CatalogSource (CR)
    participant Controller as lifecycle-controller
    participant KubeAPI as Kubernetes API
    participant CatalogPod as Catalog Pod
    participant TLSProfile as Apiserver TLSProfile
    participant TLSProv as TLSConfigProvider
    participant LifecycleDep as Lifecycle Deployment (per-catalog)
    participant LifecycleSvc as lifecycle-server Pod
    participant Client as Client

    CatalogSource->>KubeAPI: create/update CatalogSource
    KubeAPI->>Controller: watch event
    Controller->>KubeAPI: list/watch Pods (olm.catalogSource selector)
    KubeAPI->>CatalogPod: return matching pods
    Controller->>CatalogPod: inspect status, image digest, node
    Controller->>KubeAPI: apply per-catalog ServiceAccount/Service/Deployment/NetworkPolicy
    Controller->>KubeAPI: update shared ClusterRoleBinding subjects
    TLSProfile->>Controller: notify TLS profile change (optional)
    Controller->>TLSProv: UpdateProfile(newSpec)
    TLSProv->>LifecycleDep: provide tls.Config with GetCertificate
    LifecycleDep->>LifecycleSvc: lifecycle-server starts and serves API over TLS
    Client->>LifecycleSvc: HTTPS GET /api/{version}/lifecycles/{package}
    LifecycleSvc->>LifecycleSvc: lookup LifecycleIndex and respond (200/404/503)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

[perdasilva]

/hold this one should come after #1284

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: perdasilva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS [perdasilva]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@perdasilva: This pull request references OPRUN-4544 which is a valid jira issue.

This pull request references OPRUN-4542 which is a valid jira issue.

Details

In response to this:

Summary

• Introduces a lifecycle-controller that watches CatalogSources and manages per-catalog lifecycle-server deployments
• For each matching CatalogSource with a running pod, the controller creates a Deployment, ServiceAccount, Service, and NetworkPolicy using server-side apply
• Maintains a shared ClusterRoleBinding across all lifecycle-server instances
• Watches the OpenShift APIServer TLS security profile and triggers rolling restarts of lifecycle-server deployments when it changes
• Includes RBAC, Deployment, Service, NetworkPolicy manifests gated behind TechPreviewNoUpgrade
• Depends on OPRUN-4541,OPRUN-4544: add lifecycle-server for serving FBC catalog lifecycle metadata #1284 (lifecycle-server)

Key Components

• cmd/lifecycle-controller/ — CLI entrypoint with TLS profile watching, leader election, metrics serving with authn/authz, health/readiness probes
• pkg/lifecycle-controller/controller.go — SSA-based reconciler: creates/updates/deletes lifecycle-server resources per CatalogSource, manages shared ClusterRoleBinding
• pkg/lifecycle-controller/tls.go — Thread-safe TLS config provider that dynamically updates when the cluster TLS profile changes
• manifests/ and microshift-manifests/ — Deployment, RBAC, Service, NetworkPolicy manifests

Test plan

• Unit tests for resource name generation including truncation, empty names, special characters (TestResourceName)
• Unit tests for full reconciliation lifecycle: create, update, delete, selector filtering (TestReconcile*)
• Unit tests for ClusterRoleBinding reconciliation with multiple CatalogSources (TestReconcileClusterRoleBinding*)
• Unit tests for deployment spec generation including probes, security context, volumes, TLS args (TestBuildDeployment*)
• Unit tests for TLS config provider: thread safety, profile updates, certificate preservation (TestTLSConfigProvider*)
• Unit tests for pod-to-CatalogSource mapping and predicates (TestMapPodToCatalogSource, TestCatalogPodPredicate)
• go build ./cmd/lifecycle-controller/... succeeds
• go test ./pkg/lifecycle-controller/... passes
• go mod verify clean

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

• Introduced lifecycle-controller and lifecycle-server components as new OLM deployments with health and metrics endpoints

• Added HTTP API for querying lifecycle catalog information by version and package

• Configured TLS, RBAC, and NetworkPolicy security controls for the new components

• Documentation

• Added end-to-end test scenario outline for lifecycle controller validation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (4)

pkg/lifecycle-controller/controller.go (2)

341-358: 💤 Low value

Consider defensive validation for edge cases in resourceName.

While CatalogSource names must be valid Kubernetes object names (and thus DNS-compliant), the transformation could theoretically produce an invalid DNS label in edge cases:

• Input "..." → "---" → "" after TrimRight → "-lifecycle-server" (starts with hyphen)
• Input "123" → "123-lifecycle-server" (starts with digit, technically invalid for DNS subdomain)

In practice, CatalogSource names follow Kubernetes naming rules, making these cases unlikely. However, adding a simple validation or using strings.TrimLeft(csName, "-") after processing would be more defensive.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 341 - 358, Update
resourceName to defensively remove leading hyphens and ensure the final label
starts with a letter: after the existing TrimRight(csName, "-") call, add
strings.TrimLeft(csName, "-") to remove leading dashes, and if csName is empty
set csName = "a" (or otherwise ensure it will not be empty before appending the
suffix). Also, if the first rune of csName is not a lowercase letter (e.g., it
starts with a digit), prefix it with "a" so the final value (csName + "-" +
resourceBaseName) begins with a letter; adjust truncation logic if necessary so
the combined length still respects maxPrefix. Reference: function resourceName
and constant resourceBaseName.

---

696-710: 💤 Low value

TLS profile change handler swallows list error.

When listing CatalogSources fails (line 699), the error is logged but the function returns nil, causing no reconciliation requests to be enqueued. This silently drops the TLS profile update. Consider returning an error or implementing retry logic.

Note: The current behavior may be intentional since individual CatalogSources will eventually reconcile on their own triggers, picking up the new TLS config. However, this could delay TLS profile propagation.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 696 - 710, The handler
passed to bldr.WatchesRawSource (handler.TypedEnqueueRequestsFromMapFunc)
currently swallows errors from mgr.GetClient().List and returns nil, dropping
the TLS profile update; change the map func to accept the full
configv1.TLSProfile object (rather than TLSProfileSpec) so you can return a
reconcile.Request that requeues the TLSProfile itself when mgr.GetClient().List
fails (use client.ObjectKeyFromObject on the TLSProfile param), and keep the
original behavior of returning CatalogSource requests on success; update the
TypedEnqueueRequestsFromMapFunc signature and its callers accordingly and ensure
r.Log.Error still logs the error.

pkg/lifecycle-controller/controller_test.go (1)

108-163: 💤 Low value

Good test coverage for resourceName - consider adding edge case tests.

The test cases cover common scenarios well (special characters, truncation, trailing hyphens). Consider adding tests for edge cases that could produce invalid DNS labels:

• Input containing only special characters (e.g., "..." or "___")
• Input starting with digits after transformation

These are unlikely in practice but would document the function's behavior boundaries.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller_test.go` around lines 108 - 163, Add
tests in TestResourceName to cover edge cases where the input is only special
characters (e.g., "..." or "___") and where the transformed name starts with
digits; call resourceName with these inputs and assert the returned string
respects DNS label rules (lowercase, hyphens only, no leading/trailing hyphen,
max 63 chars) and matches the expected output you decide (e.g., suffix-only
"lifecycle-server" or a cleaned name that does not start with a digit). Use the
same t.Run structure and require assertions (require.Equal and
require.LessOrEqual) so TestResourceName continues to validate length and exact
output for these edge-case inputs.

cmd/lifecycle-controller/start.go (1)

204-209: 💤 Low value

Add logging when falling back to default TLS profile.

When FetchAPIServerTLSProfile fails, the function silently returns the default profile with EnableTLSProfileWatcher = false. This hides potential configuration issues. Consider logging the error to aid debugging.

Proposed fix

 func getInitialTLSProfile(ctx context.Context, restConfig *rest.Config, sch *runtime.Scheme) (configv1.TLSProfileSpec, bool, error) {
 	cl, err := client.New(restConfig, client.Options{Scheme: sch})
 	if err != nil {
 		return configv1.TLSProfileSpec{}, false, fmt.Errorf("failed to create client: %w", err)
 	}
 	initialTLSProfileSpec, err := tlsutil.FetchAPIServerTLSProfile(ctx, cl)
 	if err != nil {
+		klog.V(2).Info("unable to fetch APIServer TLS profile, using default", "error", err)
 		return *configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil
 	}
 	return initialTLSProfileSpec, true, nil
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cmd/lifecycle-controller/start.go` around lines 204 - 209, When
tlsutil.FetchAPIServerTLSProfile(ctx, cl) returns an error, add a log statement
that records the error and context before returning the default profile;
specifically, log the error (e.g., using klog.Errorf or the controller's logger)
inside the error branch that currently returns
*configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil so callers still
get the default profile and EnableTLSProfileWatcher=false but the failure is
visible for debugging.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 254: The replace directive referencing
github.com/joelanford/controller-runtime-common with pseudo-version ending in
afe447e6c57e is incorrect because that commit exists only in upstream
openshift/controller-runtime-common; either change the replace to point to the
upstream module (github.com/openshift/controller-runtime-common) at the
PR/commit that contains afe447e6c57e, or update the fork
(github.com/joelanford/controller-runtime-common) to include that commit and
re-generate the pseudo-version; also add a clear comment in go.mod next to the
replace indicating this is a temporary override and include a planned removal
date or ticket reference so the replace can be removed once the correct upstream
release is available.

In `@manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`:
- Around line 62-67: The GOMEMLIMIT env var is set to an unreasonably low "5MiB"
causing excessive GC; update the GOMEMLIMIT value (env name GOMEMLIMIT) to a
realistic budget aligned with the controller pod memory (e.g., match
resources.requests.memory and resources.limits.memory — raise requests.memory
from 10Mi to a sensible value such as 128Mi and set a corresponding
resources.limits.memory), and apply the same GOMEMLIMIT and resource changes to
the mirrored microshift deployment manifests so both deployments use the same
memory budget.

In `@manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml`:
- Around line 20-32: The NetworkPolicy egress currently only restricts ports
(egress block listing ports 6443, 53, 5353) which allows traffic to any
destination; update the egress rules to include explicit "to" selectors for each
destination: add a rule targeting the API server endpoint (e.g., the cluster API
server IP or service via an ipBlock or a namespaceSelector/podSelector for
kube-system/kube-apiserver) for port 6443, and rules targeting the cluster DNS
service (kube-dns or coredns Service IP or selector) for ports 53 and 5353 (both
TCP/UDP as appropriate), ensuring each egress entry pairs its ports with the
correct "to" clause to enforce least privilege.

In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml`:
- Around line 20-32: The egress rules currently allow wide-open access to ports
6443, 53 and 5353; constrain them by adding "to" destination selectors for each
port group: for the API server egress (port 6443) add a "to" that targets the
API server endpoints (e.g., podSelector or namespaceSelector that matches the
control-plane/apiserver pods or the API server Service endpoints) and for DNS
egress (ports 53 and 5353) add a "to" that targets DNS backends (e.g.,
podSelector matching app: coredns or k8s-app: kube-dns or the cluster DNS
Service endpoints); update the egress entries around the port lists (ports: 6443
/ ports: 53,5353) to include the corresponding "to" blocks so traffic is limited
to the API server and DNS targets only.

In `@scripts/generate_crds_manifests.sh`:
- Around line 763-766: The RBAC block that manages lifecycle-server
clusterrolebindings currently includes the "delete" verb for resource
"clusterrolebindings"; remove "delete" from the verbs list (leave "get", "list",
"watch", "create", "update", "patch") so the reconciler can manage/apply CRBs
but cannot delete them, tightening permissions for the lifecycle-server
clusterrolebindings entry that references "clusterrolebindings".

---

Nitpick comments:
In `@cmd/lifecycle-controller/start.go`:
- Around line 204-209: When tlsutil.FetchAPIServerTLSProfile(ctx, cl) returns an
error, add a log statement that records the error and context before returning
the default profile; specifically, log the error (e.g., using klog.Errorf or the
controller's logger) inside the error branch that currently returns
*configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil so callers still
get the default profile and EnableTLSProfileWatcher=false but the failure is
visible for debugging.

In `@pkg/lifecycle-controller/controller_test.go`:
- Around line 108-163: Add tests in TestResourceName to cover edge cases where
the input is only special characters (e.g., "..." or "___") and where the
transformed name starts with digits; call resourceName with these inputs and
assert the returned string respects DNS label rules (lowercase, hyphens only, no
leading/trailing hyphen, max 63 chars) and matches the expected output you
decide (e.g., suffix-only "lifecycle-server" or a cleaned name that does not
start with a digit). Use the same t.Run structure and require assertions
(require.Equal and require.LessOrEqual) so TestResourceName continues to
validate length and exact output for these edge-case inputs.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 341-358: Update resourceName to defensively remove leading hyphens
and ensure the final label starts with a letter: after the existing
TrimRight(csName, "-") call, add strings.TrimLeft(csName, "-") to remove leading
dashes, and if csName is empty set csName = "a" (or otherwise ensure it will not
be empty before appending the suffix). Also, if the first rune of csName is not
a lowercase letter (e.g., it starts with a digit), prefix it with "a" so the
final value (csName + "-" + resourceBaseName) begins with a letter; adjust
truncation logic if necessary so the combined length still respects maxPrefix.
Reference: function resourceName and constant resourceBaseName.
- Around line 696-710: The handler passed to bldr.WatchesRawSource
(handler.TypedEnqueueRequestsFromMapFunc) currently swallows errors from
mgr.GetClient().List and returns nil, dropping the TLS profile update; change
the map func to accept the full configv1.TLSProfile object (rather than
TLSProfileSpec) so you can return a reconcile.Request that requeues the
TLSProfile itself when mgr.GetClient().List fails (use
client.ObjectKeyFromObject on the TLSProfile param), and keep the original
behavior of returning CatalogSource requests on success; update the
TypedEnqueueRequestsFromMapFunc signature and its callers accordingly and ensure
r.Log.Error still logs the error.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b1015d3d-9bae-4419-9199-6f68e8e99b31

📥 Commits

Reviewing files that changed from the base of the PR and between 122728c and ece75f8.

⛔ Files ignored due to path filters (6)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (29)

• Makefile
• cmd/lifecycle-controller/main.go
• cmd/lifecycle-controller/start.go
• cmd/lifecycle-controller/util.go
• cmd/lifecycle-server/main.go
• cmd/lifecycle-server/start.go
• go.mod
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/kustomization.yaml
• operator-lifecycle-manager.Dockerfile
• pkg/lifecycle-controller/TODO.md
• pkg/lifecycle-controller/controller.go
• pkg/lifecycle-controller/controller_test.go
• pkg/lifecycle-controller/tls.go
• pkg/lifecycle-controller/tls_test.go
• pkg/lifecycle-server/fbc.go
• pkg/lifecycle-server/fbc_test.go
• pkg/lifecycle-server/server.go
• pkg/lifecycle-server/server_test.go
• scripts/generate_crds_manifests.sh

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (1)

go.mod (1)

254-254: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

The replace directive issue flagged in previous review remains unresolved.

As noted in the prior review, this replace directive points to a fork (joelanford/controller-runtime-common) that does not contain commit afe447e6c57e. The commit exists only in the upstream openshift/controller-runtime-common repository. This mismatch will cause module resolution failures.

Please address the previous review comment by either:

1. Updating the replace to point to the upstream repository, or
2. Ensuring the fork includes the required commit

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 254, The replace directive currently mapping
github.com/openshift/controller-runtime-common to
github.com/joelanford/controller-runtime-common at pseudo-version afe447e6c57e
is invalid because that fork does not contain that commit; update the go.mod
replace so the module resolution points to the upstream repo or to a fork that
actually contains commit afe447e6c57e — specifically change the replace target
from github.com/joelanford/controller-runtime-common to
github.com/openshift/controller-runtime-common (or ensure the joelanford fork is
updated to include commit afe447e6c57e) so the existing replace line and
pseudo-version resolve correctly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@cmd/lifecycle-controller/start.go`:
- Around line 204-206: The current code in start.go masks all errors from
tlsutil.FetchAPIServerTLSProfile by unconditionally falling back to the default
profile and disabling the watcher; change the error handling so only the
specific "not found / no TLS profile configured" condition falls back: call
tlsutil.FetchAPIServerTLSProfile(ctx, cl) and if the returned error is the
sentinel/not-found condition (e.g., apierrors.IsNotFound(err) or a
tlsutil.ErrNoProfile sentinel exposed by tlsutil) then return
*configv1.TLSProfiles[crypto.DefaultTLSProfileType], false, nil; for any other
error from FetchAPIServerTLSProfile return nil (or propagate the error) so
startup fails and the watcher remains active; update the branch around
initialTLSProfileSpec and its error handling accordingly.
- Around line 278-300: The TLS watcher currently sends events into an unbuffered
tlsChangeChan in setupTLSProfileWatcher which can block the OnProfileChange
callback; change tlsChangeChan to a buffered channel (e.g., make(chan
event.TypedGenericEvent[configv1.TLSProfileSpec], 1) or a small configurable
buffer) so sends in tlsChangeChan <- ... inside the OnProfileChange closure
never block the watcher or shutdown path; update any callers/consumers if they
rely on synchronous behavior.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 532-537: The egress rule added via WithEgress /
networkingv1ac.NetworkPolicyEgressRule currently only allows the backend
targetPort 6443 (specified with NetworkPolicyPort and intstr.FromInt32(6443)),
but Kubernetes services are reached via their service port (443) so
TokenReview/SAR calls will be blocked; update the NetworkPolicyPort list in the
WithEgress block (where NetworkPolicyEgressRule is built) to include a second
port entry for 443 in addition to 6443 so the policy permits traffic to
kubernetes.default.svc:443.

---

Duplicate comments:
In `@go.mod`:
- Line 254: The replace directive currently mapping
github.com/openshift/controller-runtime-common to
github.com/joelanford/controller-runtime-common at pseudo-version afe447e6c57e
is invalid because that fork does not contain that commit; update the go.mod
replace so the module resolution points to the upstream repo or to a fork that
actually contains commit afe447e6c57e — specifically change the replace target
from github.com/joelanford/controller-runtime-common to
github.com/openshift/controller-runtime-common (or ensure the joelanford fork is
updated to include commit afe447e6c57e) so the existing replace line and
pseudo-version resolve correctly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e97221ef-a124-4bdf-b6d8-66af5a489b65

📥 Commits

Reviewing files that changed from the base of the PR and between ece75f8 and 74f8725.

⛔ Files ignored due to path filters (5)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (25)

• Makefile
• cmd/lifecycle-controller/main.go
• cmd/lifecycle-controller/start.go
• cmd/lifecycle-controller/util.go
• go.mod
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/kustomization.yaml
• operator-lifecycle-manager.Dockerfile
• pkg/lifecycle-controller/TODO.md
• pkg/lifecycle-controller/controller.go
• pkg/lifecycle-controller/controller_test.go
• pkg/lifecycle-controller/tls.go
• pkg/lifecycle-controller/tls_test.go
• scripts/generate_crds_manifests.sh

✅ Files skipped from review due to trivial changes (10)

• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• pkg/lifecycle-controller/TODO.md
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• operator-lifecycle-manager.Dockerfile
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• pkg/lifecycle-controller/tls_test.go
• scripts/generate_crds_manifests.sh

🚧 Files skipped from review as they are similar to previous changes (5)

• microshift-manifests/kustomization.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• cmd/lifecycle-controller/util.go
• cmd/lifecycle-controller/main.go
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 895ba5ca-03fc-4a12-890d-41282603cecd

📥 Commits

Reviewing files that changed from the base of the PR and between 74f8725 and c148b33.

⛔ Files ignored due to path filters (27)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (25)

• Makefile
• cmd/lifecycle-controller/main.go
• cmd/lifecycle-controller/start.go
• cmd/lifecycle-controller/util.go
• go.mod
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/kustomization.yaml
• operator-lifecycle-manager.Dockerfile
• pkg/lifecycle-controller/TODO.md
• pkg/lifecycle-controller/controller.go
• pkg/lifecycle-controller/controller_test.go
• pkg/lifecycle-controller/tls.go
• pkg/lifecycle-controller/tls_test.go
• scripts/generate_crds_manifests.sh

✅ Files skipped from review due to trivial changes (12)

• microshift-manifests/kustomization.yaml
• operator-lifecycle-manager.Dockerfile
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• pkg/lifecycle-controller/TODO.md
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• pkg/lifecycle-controller/tls_test.go
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• cmd/lifecycle-controller/util.go
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• scripts/generate_crds_manifests.sh

🚧 Files skipped from review as they are similar to previous changes (5)

• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• go.mod
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile (1)

1-2: ⚡ Quick win

Prefer COPY here.

ADD is unnecessary for a local config directory and carries tar/URL semantics we don't need in this fixture.

Suggested fix

 FROM scratch
-ADD configs /configs
+COPY configs /configs

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`
around lines 1 - 2, The Dockerfile uses "ADD configs /configs" which is
unnecessary; replace that ADD instruction with "COPY configs /configs" so the
local configs directory is copied without ADD's tar/URL behavior; update the
Dockerfile line that currently contains ADD configs /configs to use COPY instead
and keep the same destination path.

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile (1)

1-2: ⚡ Quick win

Prefer COPY here.

ADD is unnecessary for a local config directory and carries tar/URL semantics we don't need in this fixture.

Suggested fix

 FROM scratch
-ADD configs /configs
+COPY configs /configs

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`
around lines 1 - 2, Replace the ADD instruction with COPY in the Dockerfile so
the local configs directory is copied without ADD's extra tar/URL semantics;
update the Dockerfile's second line to use COPY configs /configs (leave the FROM
scratch line unchanged) to ensure the fixture uses the simpler, more appropriate
Dockerfile directive.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`:
- Line 48: The startup argument
--catalog-source-field-selector=metadata.namespace=openshift-marketplace
hard-codes a namespace filter and prevents the lifecycle-controller from seeing
CatalogSource objects outside openshift-marketplace; remove this argument (or
replace it with a configurable value passed via an environment variable or
downward API) from the lifecycle-controller container args so the controller can
observe CatalogSources across namespaces (look for the lifecycle-controller
Deployment args list containing --catalog-source-field-selector and update it
accordingly).

In `@pkg/lifecycle-controller/controller.go`:
- Around line 151-166: The current loop returns the first running pod matching
the label which is non-deterministic; instead, filter pods to those with
Phase==corev1.PodRunning and with a Ready condition true, then choose a
deterministic candidate (for example pick the pod with the most recent
StartTime/CreationTimestamp) and return its imageID(p) and Spec.NodeName; update
the code around r.List and the loop that uses pods.Items to build a slice of
ready running pods, sort/select by pod.Status.StartTime (or CreationTimestamp)
and then call imageID(selectedPod) to return the digest and node.
- Around line 130-132: When imageRef == "" in the reconcile path (the block
around imageRef check in controller.go), instead of immediately returning,
delete any stale lifecycle-server resources (Deployment, Service,
ServiceAccount, NetworkPolicy) and remove or update the shared
ClusterRoleBinding (CRB) subject so RBAC is cleaned up, then re-sync the shared
CRB state before returning; implement or call a helper like
ensureLifecycleServerAbsent/cleanupLifecycleServerResources and a
resyncSharedCRB function from the reconcile loop (referencing imageRef,
reconcile/Reconcile method, and the ClusterRoleBinding subject handling) and
only then return ctrl.Result{}, nil (or requeue if needed).

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go`:
- Around line 224-230: The Eventually block currently treats any error from
KubernetesInterface().RbacV1().ClusterRoleBindings().Get as success by returning
true; change the logic so GET errors do not satisfy the assertion: if Get
returns a NotFound error then return true (binding gone), if Get returns any
other error return false to keep retrying, and only return true when
crbContainsSubject(crb, name, ns.Name) is false; update the anonymous func in
the Eventually call that uses lcCRBName and crbContainsSubject accordingly.

---

Nitpick comments:
In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`:
- Around line 1-2: Replace the ADD instruction with COPY in the Dockerfile so
the local configs directory is copied without ADD's extra tar/URL semantics;
update the Dockerfile's second line to use COPY configs /configs (leave the FROM
scratch line unchanged) to ensure the fixture uses the simpler, more appropriate
Dockerfile directive.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`:
- Around line 1-2: The Dockerfile uses "ADD configs /configs" which is
unnecessary; replace that ADD instruction with "COPY configs /configs" so the
local configs directory is copied without ADD's tar/URL behavior; update the
Dockerfile line that currently contains ADD configs /configs to use COPY instead
and keep the same destination path.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ed000ad1-d469-4ecf-b22b-bb6685a2913c

📥 Commits

Reviewing files that changed from the base of the PR and between c148b33 and 0299300.

⛔ Files ignored due to path filters (27)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/controller-runtime-common/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/controller-runtime-common/pkg/tls/controller.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/controller-runtime-common/pkg/tls/tls.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (32)

• Makefile
• cmd/lifecycle-controller/main.go
• cmd/lifecycle-controller/start.go
• cmd/lifecycle-controller/util.go
• go.mod
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/kustomization.yaml
• operator-lifecycle-manager.Dockerfile
• pkg/lifecycle-controller/TODO.md
• pkg/lifecycle-controller/controller.go
• pkg/lifecycle-controller/controller_test.go
• pkg/lifecycle-controller/tls.go
• pkg/lifecycle-controller/tls_test.go
• scripts/generate_crds_manifests.sh
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json

✅ Files skipped from review due to trivial changes (13)

• microshift-manifests/kustomization.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• pkg/lifecycle-controller/TODO.md
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• pkg/lifecycle-controller/tls_test.go
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• cmd/lifecycle-controller/start.go

🚧 Files skipped from review as they are similar to previous changes (7)

• operator-lifecycle-manager.Dockerfile
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• cmd/lifecycle-controller/util.go
• cmd/lifecycle-controller/main.go
• Makefile
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• scripts/generate_crds_manifests.sh

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile (1)

2-2: Use COPY instead of ADD for the plain directory copy.

The COPY instruction is the appropriate choice for copying local directories. The ADD instruction should be reserved for remote URLs and automatic tar extraction, avoiding unintended behavior.

Suggested patch

-ADD configs /configs
+COPY configs /configs

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`
at line 2, The Dockerfile uses the ADD instruction to copy a local directory
(ADD configs /configs); replace that with the COPY instruction to avoid
unintended behavior—change the ADD configs /configs line to COPY configs
/configs in the Dockerfile so the local directory is copied plainly (no
automatic tar extraction or URL handling).

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile (1)

2-2: Use COPY instead of ADD for plain directory copy.

ADD has extra semantics (URL/tar handling) that are unnecessary here and can be surprising. Since configs is a directory, COPY is the more appropriate choice.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`
at line 2, Replace the Dockerfile ADD instruction "ADD configs /configs" with
the equivalent COPY instruction by changing it to "COPY configs /configs" so the
plain directory copy uses COPY instead of ADD; update the Dockerfile line
containing ADD configs /configs accordingly.

pkg/lifecycle-controller/controller_test.go (1)

675-688: ⚡ Quick win

Add regression coverage for stale cleanup and multi-pod selection

Current tests don’t cover two critical edge paths:

• pre-existing lifecycle resources when Line 130 returns with no imageRef, and
• multiple running catalog pods requiring deterministic selection.

Adding these cases will lock in behavior and prevent regressions once controller fixes land.

Also applies to: 867-930

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller_test.go` around lines 675 - 688, Add two
tests to controller_test.go using the existing helpers (newCatalogSource,
testClientBuilder, testReconciler) that call r.Reconcile(ctx, ctrl.Request{...})
like TestReconcile_NoPodRunning: (1) create a CatalogSource with no imageRef and
pre-existing lifecycle resources (Lifecycle objects/conditions) and assert that
after Reconcile those stale lifecycle resources are removed/cleaned up and
Reconcile returns ctrl.Result{} with no error; (2) create a CatalogSource with
multiple running catalog Pods and assert the controller's deterministic
selection behavior by seeding Pods with distinct creationTimestamps/labels and
verifying Reconcile selected the expected pod (e.g., earliest CreationTimestamp
or the selection criterion implemented in Reconcile) and produced the expected
lifecycle update; use the same test helpers and assert on object
presence/absence and specific lifecycle status updates to lock in behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml`:
- Around line 39-55: The RBAC rules currently grant the overly broad "update"
verb for the lifecycle controller on resources "services", "serviceaccounts",
"networkpolicies", and "clusterrolebindings"; remove "update" from the verbs
arrays for the rules that target these resources (the entries that list
resources: ["services"], ["serviceaccounts"], ["networkpolicies"], and
["clusterrolebindings"]) so they only use the needed verbs (e.g.,
"get","list","watch","create","patch","delete") to enforce least privilege
without changing reconcile behavior.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 341-358: resourceName currently truncates long csName directly
which can make distinct CatalogSource names collide; update resourceName to
preserve uniqueness by computing a short deterministic hash when truncation is
needed: normalize csName as now, compute suffix using resourceBaseName,
determine maxPrefix for the prefix part, and if len(csName) > maxPrefix then
compute a compact hash (e.g., sha256 and hex-encode first 6 chars), trim csName
to fit maxPrefix minus len("-")+len(hash6) so you can insert "-<hash6>" before
"-"+resourceBaseName, then trim trailing "-" and return csName + "-" + hash6 +
"-" + resourceBaseName; ensure all name length checks still enforce the 63-char
limit and keep references to the resourceName function and resourceBaseName
symbol for locating the change.

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`:
- Around line 31-33: The test builds an HTTP fetch command with wget flags into
the args slice which currently includes "-S" (in the args variable assembled
with extraArgs and url), and "-S" can inject response headers into stderr that
pollutes captured logs and breaks json.Unmarshal assertions; remove the "-S"
flag from the args construction (and the other identical occurrence around lines
176-179) so args becomes []string{"-O", "/dev/stdout", "-q"} (and preserve
appending extraArgs and url), updating any test helper that assembles wget args
accordingly (locate the code that sets args, the extraArgs append sites, and the
uses that parse body to ensure they now receive clean JSON).

---

Nitpick comments:
In `@pkg/lifecycle-controller/controller_test.go`:
- Around line 675-688: Add two tests to controller_test.go using the existing
helpers (newCatalogSource, testClientBuilder, testReconciler) that call
r.Reconcile(ctx, ctrl.Request{...}) like TestReconcile_NoPodRunning: (1) create
a CatalogSource with no imageRef and pre-existing lifecycle resources (Lifecycle
objects/conditions) and assert that after Reconcile those stale lifecycle
resources are removed/cleaned up and Reconcile returns ctrl.Result{} with no
error; (2) create a CatalogSource with multiple running catalog Pods and assert
the controller's deterministic selection behavior by seeding Pods with distinct
creationTimestamps/labels and verifying Reconcile selected the expected pod
(e.g., earliest CreationTimestamp or the selection criterion implemented in
Reconcile) and produced the expected lifecycle update; use the same test helpers
and assert on object presence/absence and specific lifecycle status updates to
lock in behavior.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`:
- Line 2: The Dockerfile uses the ADD instruction to copy a local directory (ADD
configs /configs); replace that with the COPY instruction to avoid unintended
behavior—change the ADD configs /configs line to COPY configs /configs in the
Dockerfile so the local directory is copied plainly (no automatic tar extraction
or URL handling).

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`:
- Line 2: Replace the Dockerfile ADD instruction "ADD configs /configs" with the
equivalent COPY instruction by changing it to "COPY configs /configs" so the
plain directory copy uses COPY instead of ADD; update the Dockerfile line
containing ADD configs /configs accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7a9ff271-0670-4015-a8af-f3a500641768

📥 Commits

Reviewing files that changed from the base of the PR and between 0299300 and 3f14838.

⛔ Files ignored due to path filters (262)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customfeaturegates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/deprecatedwebhooktokenauthenticator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnszone.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/equinixmetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalippolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/extramapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateattributes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatedetails.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateselection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/githubidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gitlabidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/googleidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/htpasswdidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsourcestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityproviderconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/image.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagelabel.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/keystoneidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kubevirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapattributemapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/loadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/maxagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigrationvalues.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnostics.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticssourceplacement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticstargetplacement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkmigration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/node.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixfailuredomain.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismelementendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixresourceidentifier.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthremoteconnectioninfo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthtemplates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/objectreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openidclaims.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openididentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operandversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhub.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/pkicertificatesubject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyfulciosubject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyidentity.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchexactrepository.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchremapidentity.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/project.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/projectspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/promqlclustercondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrylocation.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/release.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/repositorydigestmirrors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requestheaderidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requiredhstspolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/scheduler.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/secretnamereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/signaturestore.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/storage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/templatereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmappings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimorexpressionmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationcelrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenrequiredclaim.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/updatehistory.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameprefix.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultconfigmapreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultsecretreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainhostgroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainregionaffinity.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainzoneaffinity.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformfailuredomainspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworking.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworkingspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformvcenterspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/webhooktokenauthenticator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagerconfig.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (32)

• Makefile
• cmd/lifecycle-controller/main.go
• cmd/lifecycle-controller/start.go
• cmd/lifecycle-controller/util.go
• go.mod
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/kustomization.yaml
• operator-lifecycle-manager.Dockerfile
• pkg/lifecycle-controller/TODO.md
• pkg/lifecycle-controller/controller.go
• pkg/lifecycle-controller/controller_test.go
• pkg/lifecycle-controller/tls.go
• pkg/lifecycle-controller/tls_test.go
• scripts/generate_crds_manifests.sh
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json

✅ Files skipped from review due to trivial changes (12)

• operator-lifecycle-manager.Dockerfile
• cmd/lifecycle-controller/main.go
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• cmd/lifecycle-controller/util.go
• pkg/lifecycle-controller/tls_test.go
• microshift-manifests/kustomization.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• pkg/lifecycle-controller/TODO.md
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• go.mod

🚧 Files skipped from review as they are similar to previous changes (7)

• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• Makefile
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml

[perdasilva]

@coderabbitai resume

[coderabbitai]

✅ Actions performed

Reviews resumed.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

go.mod (1)

254-254: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Reintroduced fork replace should be re-validated and documented as temporary.

Line 254 points github.com/openshift/controller-runtime-common to a fork again. This area already regressed once; if the pseudo-version commit isn’t present (or the fork diverges), module resolution and provenance become brittle. Please either pin upstream directly or add a clear temporary-override comment with removal criteria.

#!/bin/bash
set -euo pipefail

echo "Checking commit presence in fork:"
git ls-remote https://github.com/joelanford/controller-runtime-common.git | grep 'afe447e6c57e' || echo "not found in fork"

echo
echo "Checking commit presence upstream:"
git ls-remote https://github.com/openshift/controller-runtime-common.git | grep 'afe447e6c57e' || echo "not found upstream"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 254, The go.mod currently contains a temporary replace of
github.com/openshift/controller-runtime-common to the fork
github.com/joelanford/controller-runtime-common at pseudo-version
v0.0.0-20260206162334-afe447e6c57e; revalidate and document this override by
either pinning the official upstream module (remove the replace and update
require to a proper upstream version) or keep the replace but add a clear
comment above it describing why the fork is used, the exact commit SHA
(afe447e6c57e), and explicit removal criteria/date (e.g., when upstream contains
the commit or a released version), and ensure the fork commit actually exists as
part of the change validation described in the review.

pkg/lifecycle-controller/controller.go (1)

131-133: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Clean up stale lifecycle-server resources when the catalog pod disappears.

This early return still leaves previously created resources and the shared CRB subject behind when a matching catalog pod goes away. The controller then keeps serving stale catalog content and retains RBAC until some unrelated reconcile happens.

Suggested fix

 	if imageRef == "" {
-		log.Info("no valid image ref for catalog source, waiting for pod")
-		return ctrl.Result{}, nil
+		log.Info("no valid image ref for catalog source, cleaning up stale lifecycle-server resources")
+		if err := r.cleanupResources(ctx, log, cs.Namespace, cs.Name); err != nil {
+			return ctrl.Result{}, err
+		}
+		return ctrl.Result{}, r.reconcileClusterRoleBinding(ctx, log)
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 131 - 133, When imageRef
== "" inside the Reconcile (controller.Reconcile) path, do not return
immediately; instead invoke a cleanup routine that deletes any previously
created lifecycle-server resources and removes the shared ClusterRoleBinding
subject for that catalog source (implement a function like
cleanupLifecycleResources or removeSharedCRBSubject and call it from the
Reconcile branch where imageRef == ""), propagate and log errors from that
cleanup (and requeue on transient failures) and only then return ctrl.Result{},
nil so stale catalog content and RBAC are removed when the catalog pod
disappears.

🧹 Nitpick comments (2)

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile (1)

2-2: ⚡ Quick win

Prefer COPY over ADD for local fixture directories.

Line 2 should use COPY for a straightforward local directory transfer.

Proposed patch

-ADD configs /configs
+COPY configs /configs

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`
at line 2, Replace the Dockerfile instruction that uses ADD for the local
fixtures with COPY: change the ADD configs /configs instruction to COPY configs
/configs so the local directory is copied without ADD's extra behaviors; update
the Dockerfile entry that currently contains "ADD configs /configs" to use
"COPY" instead.

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile (1)

2-2: ⚡ Quick win

Prefer COPY over ADD for local fixture directories.

Line 2 is a plain local copy; COPY avoids extra ADD semantics (URL/tar handling) and keeps intent explicit.

Proposed patch

-ADD configs /configs
+COPY configs /configs

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`
at line 2, Replace the Dockerfile ADD usage with COPY for the local fixtures:
locate the Dockerfile line that uses ADD configs /configs and change it to use
COPY instead so it only performs a plain local file copy (removing ADD's extra
URL/tar semantics) and keep the intent explicit for the configs directory.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/lifecycle-controller/controller.go`:
- Around line 645-654: The predicate currently returns true only when Phase,
Spec.NodeName, or imageID change, but it must also trigger when the Pod Ready
condition flips; update the change-check block (the code that compares oldPod
and newPod and calls imageID(oldPod)/imageID(newPod)) to also compare the Ready
condition (e.g. via a helper like isPodReady(oldPod) vs isPodReady(newPod) or by
checking the PodReady condition on oldPod.Status.Conditions and
newPod.Status.Conditions) and return true when the ready boolean differs so
transitions Running/NotReady -> Running/Ready will reconcile and create the
lifecycle-server.

---

Duplicate comments:
In `@go.mod`:
- Line 254: The go.mod currently contains a temporary replace of
github.com/openshift/controller-runtime-common to the fork
github.com/joelanford/controller-runtime-common at pseudo-version
v0.0.0-20260206162334-afe447e6c57e; revalidate and document this override by
either pinning the official upstream module (remove the replace and update
require to a proper upstream version) or keep the replace but add a clear
comment above it describing why the fork is used, the exact commit SHA
(afe447e6c57e), and explicit removal criteria/date (e.g., when upstream contains
the commit or a released version), and ensure the fork commit actually exists as
part of the change validation described in the review.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 131-133: When imageRef == "" inside the Reconcile
(controller.Reconcile) path, do not return immediately; instead invoke a cleanup
routine that deletes any previously created lifecycle-server resources and
removes the shared ClusterRoleBinding subject for that catalog source (implement
a function like cleanupLifecycleResources or removeSharedCRBSubject and call it
from the Reconcile branch where imageRef == ""), propagate and log errors from
that cleanup (and requeue on transient failures) and only then return
ctrl.Result{}, nil so stale catalog content and RBAC are removed when the
catalog pod disappears.

---

Nitpick comments:
In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`:
- Line 2: Replace the Dockerfile instruction that uses ADD for the local
fixtures with COPY: change the ADD configs /configs instruction to COPY configs
/configs so the local directory is copied without ADD's extra behaviors; update
the Dockerfile entry that currently contains "ADD configs /configs" to use
"COPY" instead.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`:
- Line 2: Replace the Dockerfile ADD usage with COPY for the local fixtures:
locate the Dockerfile line that uses ADD configs /configs and change it to use
COPY instead so it only performs a plain local file copy (removing ADD's extra
URL/tar semantics) and keep the intent explicit for the configs directory.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c8217f79-0cc3-41a5-a138-3aa31da88b0b

📥 Commits

Reviewing files that changed from the base of the PR and between 0299300 and 6ef40ba.

⛔ Files ignored due to path filters (260)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customfeaturegates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/deprecatedwebhooktokenauthenticator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnszone.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/equinixmetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalippolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/extramapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateattributes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatedetails.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateselection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/githubidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gitlabidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/googleidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/htpasswdidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsourcestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityproviderconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/image.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagelabel.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/keystoneidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kubevirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapattributemapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/loadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/maxagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigrationvalues.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnostics.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticssourceplacement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticstargetplacement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkmigration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/node.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixfailuredomain.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismelementendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixresourceidentifier.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthremoteconnectioninfo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthtemplates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/objectreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openidclaims.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openididentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operandversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhub.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/pkicertificatesubject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyfulciosubject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyidentity.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchexactrepository.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchremapidentity.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/project.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/projectspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/promqlclustercondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrylocation.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/release.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/repositorydigestmirrors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requestheaderidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requiredhstspolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/scheduler.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/secretnamereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/signaturestore.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/storage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/templatereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmappings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimorexpressionmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationcelrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenrequiredclaim.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenuservalidationrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/updatehistory.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameprefix.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultconfigmapreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultsecretreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainhostgroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainregionaffinity.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vspherefailuredomainzoneaffinity.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformfailuredomainspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworking.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformnodenetworkingspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformvcenterspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/webhooktokenauthenticator.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (38)

• Makefile
• cmd/lifecycle-controller/main.go
• cmd/lifecycle-controller/start.go
• cmd/lifecycle-controller/util.go
• cmd/lifecycle-server/main.go
• cmd/lifecycle-server/start.go
• go.mod
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/kustomization.yaml
• operator-lifecycle-manager.Dockerfile
• pkg/lifecycle-controller/TODO.md
• pkg/lifecycle-controller/controller.go
• pkg/lifecycle-controller/controller_test.go
• pkg/lifecycle-controller/tls.go
• pkg/lifecycle-controller/tls_test.go
• pkg/lifecycle-server/fbc.go
• pkg/lifecycle-server/fbc_test.go
• pkg/lifecycle-server/server.go
• pkg/lifecycle-server/server_test.go
• scripts/generate_crds_manifests.sh
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json

✅ Files skipped from review due to trivial changes (15)

• operator-lifecycle-manager.Dockerfile
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• cmd/lifecycle-server/main.go
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• microshift-manifests/kustomization.yaml
• pkg/lifecycle-controller/TODO.md
• cmd/lifecycle-controller/main.go
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• cmd/lifecycle-controller/start.go
• scripts/generate_crds_manifests.sh
• pkg/lifecycle-server/server_test.go

🚧 Files skipped from review as they are similar to previous changes (7)

• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• pkg/lifecycle-controller/tls_test.go
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• Makefile
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (2)

pkg/lifecycle-controller/controller.go (2)

206-237: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Don't ForceOwnership over pre-existing same-name resources.

These SSA calls will claim any existing ServiceAccount, Service, Deployment, or NetworkPolicy with the generated name, even if the controller did not create it. Because the apply path also adds the controller labels, cleanupResources() can later treat that object as owned and delete it. Add a preflight ownership guard or an ownerRef/managed-by contract before force-applying.

Possible guard pattern

 func (r *LifecycleServerReconciler) ensureResources(ctx context.Context, log logr.Logger, cs *operatorsv1alpha1.CatalogSource, imageRef, nodeName string) error {
 	name := resourceName(cs.Name)
 	applyOpts := []client.ApplyOption{client.FieldOwner(fieldManager), client.ForceOwnership}
+	if err := r.ensureOwnedOrAbsent(ctx, cs.Namespace, name); err != nil {
+		return err
+	}
 
 	// Apply ServiceAccount (in catalog's namespace)
 	sa := r.buildServiceAccount(name, cs)

func (r *LifecycleServerReconciler) ensureOwnedOrAbsent(ctx context.Context, namespace, name string) error {
	objs := []client.Object{
		&corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace}},
		&corev1.Service{ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace}},
		&appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace}},
		&networkingv1.NetworkPolicy{ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace}},
	}
	for _, obj := range objs {
		if err := r.Get(ctx, client.ObjectKeyFromObject(obj), obj); err != nil {
			if errors.IsNotFound(err) {
				continue
			}
			return err
		}
		if !isOwnedByLifecycleController(obj) {
			return fmt.Errorf("%T %s/%s already exists and is not managed by lifecycle-controller", obj, namespace, name)
		}
	}
	return nil
}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 206 - 237, The SSA calls
in ensureResources use client.ForceOwnership which will seize same-name
ServiceAccount/Service/Deployment/NetworkPolicy and can cause cleanupResources
to delete objects not originally created by this controller; add a preflight
guard (e.g., implement and call a helper like ensureOwnedOrAbsent(ctx,
cs.Namespace, name) from ensureResources before applying) that r.Get()s each
target (ServiceAccount, Service, Deployment, NetworkPolicy) and returns an error
if any existing object is present but not marked as managed by this controller
(use a helper isOwnedByLifecycleController or check an owner
label/ownerRef/managed-by contract). Only proceed to call r.Apply(...) with
client.ForceOwnership after the guard confirms resources are absent or already
owned by the lifecycle controller.

---

131-133: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Clean up stale lifecycle-server state when no Ready catalog pod remains.

If a catalog pod disappears or drops out of the Ready/running set after resources were created, this early return leaves the old Deployment/Service/ServiceAccount/NetworkPolicy and shared CRB subject in place. The controller then keeps serving stale catalog content and stale RBAC until some later reconcile happens to fix it.

Suggested fix

 	if imageRef == "" {
-		log.Info("no valid image ref for catalog source, waiting for pod")
-		return ctrl.Result{}, nil
+		log.Info("no valid image ref for catalog source, cleaning up lifecycle-server resources")
+		if err := r.cleanupResources(ctx, log, cs.Namespace, cs.Name); err != nil {
+			return ctrl.Result{}, err
+		}
+		return ctrl.Result{}, r.reconcileClusterRoleBinding(ctx, log)
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 131 - 133, When imageRef
== "" and the function returns early (the block using imageRef, log.Info and
returning ctrl.Result{}), add cleanup logic to remove any stale lifecycle-server
resources: delete the lifecycle-server Deployment, Service, ServiceAccount,
NetworkPolicy and remove the shared ClusterRoleBinding subject so stale RBAC and
served catalog content are cleared; implement this in the same reconcile path
before returning (or call a helper like
ensureLifecycleServerAbsent/cleanupLifecycleResources) so that
Deployment/Service/ServiceAccount/NetworkPolicy are deleted and the CRB subject
is pruned when no Ready catalog pod remains.

🧹 Nitpick comments (2)

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile (1)

2-2: ⚡ Quick win

Prefer COPY over ADD for local catalog content.

This keeps the image definition explicit and avoids ADD’s extra semantics.

Suggested change

-ADD configs /configs
+COPY configs /configs

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`
at line 2, Replace the Dockerfile's use of ADD for local catalog content with
COPY: locate the Dockerfile line containing "ADD configs /configs" and change it
to use COPY (e.g., "COPY configs /configs") so the image definition is explicit
and avoids ADD's extra semantics.

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile (1)

2-2: ⚡ Quick win

Use COPY instead of ADD for local directory copy.

ADD is broader than needed here; COPY is clearer and avoids unintended behaviors.

Suggested change

-ADD configs /configs
+COPY configs /configs

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`
at line 2, Replace the Dockerfile instruction that uses "ADD configs /configs"
with the simpler "COPY" form to avoid ADD's extra behaviors; locate the line
containing "ADD configs /configs" in the Dockerfile and change it to use "COPY
configs /configs" so the local directory is copied explicitly without unintended
extraction or remote URL handling.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml`:
- Around line 53-55: The RBAC rule for apiGroups "rbac.authorization.k8s.io" on
resource "clusterrolebindings" is missing the "delete" verb which prevents the
reconciler from cleaning up ClusterRoleBindings; update the verbs array for that
rule (the rule that lists resources: ["clusterrolebindings"] and apiGroups:
["rbac.authorization.k8s.io"]) to include "delete" so the controller can perform
delete operations during reconciliation/cleanup.

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go`:
- Around line 66-83: The waitForCatalogPodRunning helper currently returns true
when any pod.Status.Phase == corev1.PodRunning; change it to require the pod be
both Running and Ready by inspecting pod.Status.Conditions (or the PodReady
condition) and only returning true when Phase == corev1.PodRunning and the
PodReady condition has Status == corev1.ConditionTrue; update the loop in
waitForCatalogPodRunning (and keep the same call to List and timeout
lcResourceTimeout) so the Eventually predicate reflects Ready pods rather than
just Running ones.

---

Duplicate comments:
In `@pkg/lifecycle-controller/controller.go`:
- Around line 206-237: The SSA calls in ensureResources use
client.ForceOwnership which will seize same-name
ServiceAccount/Service/Deployment/NetworkPolicy and can cause cleanupResources
to delete objects not originally created by this controller; add a preflight
guard (e.g., implement and call a helper like ensureOwnedOrAbsent(ctx,
cs.Namespace, name) from ensureResources before applying) that r.Get()s each
target (ServiceAccount, Service, Deployment, NetworkPolicy) and returns an error
if any existing object is present but not marked as managed by this controller
(use a helper isOwnedByLifecycleController or check an owner
label/ownerRef/managed-by contract). Only proceed to call r.Apply(...) with
client.ForceOwnership after the guard confirms resources are absent or already
owned by the lifecycle controller.
- Around line 131-133: When imageRef == "" and the function returns early (the
block using imageRef, log.Info and returning ctrl.Result{}), add cleanup logic
to remove any stale lifecycle-server resources: delete the lifecycle-server
Deployment, Service, ServiceAccount, NetworkPolicy and remove the shared
ClusterRoleBinding subject so stale RBAC and served catalog content are cleared;
implement this in the same reconcile path before returning (or call a helper
like ensureLifecycleServerAbsent/cleanupLifecycleResources) so that
Deployment/Service/ServiceAccount/NetworkPolicy are deleted and the CRB subject
is pruned when no Ready catalog pod remains.

---

Nitpick comments:
In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`:
- Line 2: Replace the Dockerfile instruction that uses "ADD configs /configs"
with the simpler "COPY" form to avoid ADD's extra behaviors; locate the line
containing "ADD configs /configs" in the Dockerfile and change it to use "COPY
configs /configs" so the local directory is copied explicitly without unintended
extraction or remote URL handling.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`:
- Line 2: Replace the Dockerfile's use of ADD for local catalog content with
COPY: locate the Dockerfile line containing "ADD configs /configs" and change it
to use COPY (e.g., "COPY configs /configs") so the image definition is explicit
and avoids ADD's extra semantics.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b6dbf754-a814-47e3-8a14-1500f9cd235f

📥 Commits

Reviewing files that changed from the base of the PR and between 6ef40ba and 509d421.

📒 Files selected for processing (31)

• Makefile
• cmd/lifecycle-controller/main.go
• cmd/lifecycle-controller/start.go
• cmd/lifecycle-controller/util.go
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/kustomization.yaml
• operator-lifecycle-manager.Dockerfile
• pkg/lifecycle-controller/TODO.md
• pkg/lifecycle-controller/controller.go
• pkg/lifecycle-controller/controller_test.go
• pkg/lifecycle-controller/tls.go
• pkg/lifecycle-controller/tls_test.go
• scripts/generate_crds_manifests.sh
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json

✅ Files skipped from review due to trivial changes (16)

• operator-lifecycle-manager.Dockerfile
• cmd/lifecycle-controller/main.go
• microshift-manifests/kustomization.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• pkg/lifecycle-controller/tls_test.go
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• pkg/lifecycle-controller/TODO.md
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• pkg/lifecycle-controller/controller_test.go
• scripts/generate_crds_manifests.sh
• cmd/lifecycle-controller/start.go

🚧 Files skipped from review as they are similar to previous changes (4)

• cmd/lifecycle-controller/util.go
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile (1)

2-2: ⚡ Quick win

Prefer COPY over ADD for this local file transfer.

This keeps intent explicit and avoids ADD’s implicit behaviors.

Suggested patch

 FROM scratch
-ADD configs /configs
+COPY configs /configs

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`
at line 2, Replace the Dockerfile ADD usage with COPY to avoid ADD's implicit
behaviors: locate the line containing "ADD configs /configs" in the Dockerfile
used by the lifecycle catalog and change it to use COPY (i.e., "COPY configs
/configs") so the intent is explicit and only local file copy semantics are
applied.

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile (1)

2-2: ⚡ Quick win

Use COPY instead of ADD for local directory copy.

ADD brings extra behaviors (URL/tar handling) that are not needed here; COPY is the safer, explicit choice.

Suggested patch

 FROM scratch
-ADD configs /configs
+COPY configs /configs

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`
at line 2, The Dockerfile uses ADD to copy a local directory ("ADD configs
/configs"); replace this with the explicit COPY instruction ("COPY configs
/configs") to avoid ADD's extra behaviors (URL/tar extraction). Update the
Dockerfile by changing the ADD line to COPY, keeping the same source and
destination paths and ensuring build context includes the configs directory so
the COPY succeeds.

staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go (1)

95-99: ⚡ Quick win

Avoid selecting deployment container image by index.

Using Containers[0] makes the test fragile if container order changes or sidecars are introduced. Select by container name instead.

Suggested patch

 func getLifecycleServerImage(namespace, catalogName string) string {
 	c := ctx.Ctx().KubeClient()
 	name := lcResourceName(catalogName)
 	dep, err := c.KubernetesInterface().AppsV1().Deployments(namespace).Get(context.Background(), name, metav1.GetOptions{})
 	Expect(err).NotTo(HaveOccurred(), "failed to get lifecycle-server Deployment")
 	Expect(dep.Spec.Template.Spec.Containers).NotTo(BeEmpty(), "Deployment has no containers")
-	return dep.Spec.Template.Spec.Containers[0].Image
+	for _, ctr := range dep.Spec.Template.Spec.Containers {
+		if ctr.Name == "lifecycle-server" {
+			return ctr.Image
+		}
+	}
+	Fail("lifecycle-server container not found in Deployment")
+	return ""
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`
around lines 95 - 99, The test currently picks the container image using
dep.Spec.Template.Spec.Containers[0], which is fragile; instead iterate
dep.Spec.Template.Spec.Containers to find the container by name (e.g.,
"lifecycle-server" or the expected container name tied to the Deployment) and
return that container's Image, failing the test if no matching container is
found. Update the code that calls
c.KubernetesInterface().AppsV1().Deployments(...).Get(...) and replace the
direct index access with a loop that checks container.Name on each element of
dep.Spec.Template.Spec.Containers, uses Expect/Fail if not found, and then
returns the matching container.Image.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`:
- Around line 112-116: The loop returns a pod IP as soon as pod.Status.Phase ==
corev1.PodRunning and pod.Status.PodIP != "", which can return a non-ready pod;
change the check to also verify the PodReady condition is true before returning.
In the loop over pods.Items, inspect pod.Status.Conditions for a condition with
Type == corev1.PodReady and Status == corev1.ConditionTrue (or
metav1.ConditionTrue) and only return pod.Status.PodIP when Phase is Running,
PodIP is non-empty, and the Ready condition is true.

---

Nitpick comments:
In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`:
- Around line 95-99: The test currently picks the container image using
dep.Spec.Template.Spec.Containers[0], which is fragile; instead iterate
dep.Spec.Template.Spec.Containers to find the container by name (e.g.,
"lifecycle-server" or the expected container name tied to the Deployment) and
return that container's Image, failing the test if no matching container is
found. Update the code that calls
c.KubernetesInterface().AppsV1().Deployments(...).Get(...) and replace the
direct index access with a loop that checks container.Name on each element of
dep.Spec.Template.Spec.Containers, uses Expect/Fail if not found, and then
returns the matching container.Image.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile`:
- Line 2: The Dockerfile uses ADD to copy a local directory ("ADD configs
/configs"); replace this with the explicit COPY instruction ("COPY configs
/configs") to avoid ADD's extra behaviors (URL/tar extraction). Update the
Dockerfile by changing the ADD line to COPY, keeping the same source and
destination paths and ensuring build context includes the configs directory so
the COPY succeeds.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile`:
- Line 2: Replace the Dockerfile ADD usage with COPY to avoid ADD's implicit
behaviors: locate the line containing "ADD configs /configs" in the Dockerfile
used by the lifecycle catalog and change it to use COPY (i.e., "COPY configs
/configs") so the intent is explicit and only local file copy semantics are
applied.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 6daa1fcf-f00e-4522-bdd2-909fc3dddd73

📥 Commits

Reviewing files that changed from the base of the PR and between 509d421 and 5391743.

📒 Files selected for processing (7)

• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json

🚧 Files skipped from review as they are similar to previous changes (1)

• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go (1)

54-87: ⚡ Quick win

Clean up per-request wget Jobs to avoid e2e resource buildup.

Each call creates a Job and leaves it behind; repeated specs can accumulate completed Jobs/Pods in openshift-marketplace.

Suggested patch

 	_, err := c.KubernetesInterface().BatchV1().Jobs(namespace).Create(context.Background(), job, metav1.CreateOptions{})
 	Expect(err).NotTo(HaveOccurred(), "failed to create wget job %s", jobName)
+	defer func() {
+		_ = c.KubernetesInterface().BatchV1().Jobs(namespace).Delete(context.Background(), jobName, metav1.DeleteOptions{})
+	}()

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`
around lines 54 - 87, The test creates per-request wget Jobs (variables job and
jobName) and leaves them behind; after the job completes or before each return
from this helper, delete the Job and its Pods to avoid resource buildup: call
c.KubernetesInterface().BatchV1().Jobs(namespace).Delete(ctx, jobName,
metav1.DeleteOptions{PropagationPolicy:
ptrTo(metav1.DeletePropagationBackground)}) and remove the pods via
c.KubernetesInterface().CoreV1().Pods(namespace).DeleteCollection(ctx,
metav1.DeleteOptions{}, metav1.ListOptions{LabelSelector:
fmt.Sprintf("job-name=%s", jobName)}), handle and ignore NotFound errors and log
other delete errors but do not make the test fail; perform this cleanup both on
the succeeded path and all early return paths (after GetLogs and before
returning the status/log string).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`:
- Around line 197-200: The test incorrectly calls
waitForLifecycleServerReady(lcNamespace, catalogName) which asserts
ReadyReplicas > 0; for the no-lifecycle path readiness should be 503, so update
the test to not require pod readiness: either replace the call with a new helper
waitForLifecycleServerNotReady(lcNamespace, catalogName) or change
waitForLifecycleServerReady to accept an expectation flag (e.g.,
waitForLifecycleServerReady(lcNamespace, catalogName, expectReady bool)) and
call it with expectReady=false in this test; ensure you still call
waitForCatalogPodRunning and waitForLifecycleResources but do not assert
ReadyReplicas>0 when lifecycle data is absent, and instead assert the /readyz
HTTP status is 503 via the existing readiness-check helper.

---

Nitpick comments:
In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`:
- Around line 54-87: The test creates per-request wget Jobs (variables job and
jobName) and leaves them behind; after the job completes or before each return
from this helper, delete the Job and its Pods to avoid resource buildup: call
c.KubernetesInterface().BatchV1().Jobs(namespace).Delete(ctx, jobName,
metav1.DeleteOptions{PropagationPolicy:
ptrTo(metav1.DeletePropagationBackground)}) and remove the pods via
c.KubernetesInterface().CoreV1().Pods(namespace).DeleteCollection(ctx,
metav1.DeleteOptions{}, metav1.ListOptions{LabelSelector:
fmt.Sprintf("job-name=%s", jobName)}), handle and ignore NotFound errors and log
other delete errors but do not make the test fail; perform this cleanup both on
the succeeded path and all early return paths (after GetLogs and before
returning the status/log string).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: aa369c78-10ec-4c9d-b644-7d75b1ff3af6

📥 Commits

Reviewing files that changed from the base of the PR and between 5391743 and 134877e.

📒 Files selected for processing (5)

• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json

✅ Files skipped from review due to trivial changes (1)

• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

waitForLifecycleServerReady conflicts with the no-lifecycle test path.

On Line 199, this test waits for ReadyReplicas > 0, but /readyz is expected to be 503 when lifecycle data is absent, so readiness may never flip true and the case can fail before reaching the API assertion.

Suggested patch

-			waitForLifecycleServerReady(lcNamespace, catalogName)
+			// No lifecycle blobs => /readyz can remain 503; wait only for pod creation/running.
+			Eventually(func() bool {
+				c := ctx.Ctx().KubeClient()
+				pods, err := c.KubernetesInterface().CoreV1().Pods(lcNamespace).List(context.Background(), metav1.ListOptions{
+					LabelSelector: fmt.Sprintf("%s=%s,%s=%s", lcAppLabelKey, lcAppLabelVal, lcCatalogNameLabelKey, catalogName),
+				})
+				if err != nil || len(pods.Items) == 0 {
+					return false
+				}
+				for _, pod := range pods.Items {
+					if pod.Status.Phase == corev1.PodRunning && pod.Status.PodIP != "" {
+						return true
+					}
+				}
+				return false
+			}, lcResourceTimeout, 5*time.Second).Should(BeTrue(), "lifecycle-server pod did not reach Running")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`
around lines 197 - 200, The test incorrectly calls
waitForLifecycleServerReady(lcNamespace, catalogName) which asserts
ReadyReplicas > 0; for the no-lifecycle path readiness should be 503, so update
the test to not require pod readiness: either replace the call with a new helper
waitForLifecycleServerNotReady(lcNamespace, catalogName) or change
waitForLifecycleServerReady to accept an expectation flag (e.g.,
waitForLifecycleServerReady(lcNamespace, catalogName, expectReady bool)) and
call it with expectReady=false in this test; ensure you still call
waitForCatalogPodRunning and waitForLifecycleResources but do not assert
ReadyReplicas>0 when lifecycle data is absent, and instead assert the /readyz
HTTP status is 503 via the existing readiness-check helper.

[coderabbitai]

♻️ Duplicate comments (1)

staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go (1)

197-199: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

waitForLifecycleServerReady may never succeed when no lifecycle data is loaded.

The readiness probe at /readyz returns 503 when no lifecycle data is present (per the server's NewHealthHandler). Since waitForLifecycleServerReady waits for ReadyReplicas > 0, and the readiness probe will fail, this test may timeout before reaching the API assertion on line 205.

Consider waiting only for the pod to be running (not ready) in this specific test case:

Suggested fix

 		It("should return 503 for API requests", func() {
 			catalogName := genName("ls-nolc-catalog-")
 			_, cleanup := createCatalogSourceForLifecycle(catalogName, lcNamespace, lcCatalogNoLifecycleImage)
 			defer cleanup()

 			waitForCatalogPodRunning(lcNamespace, catalogName)
 			waitForLifecycleResources(lcNamespace, catalogName)
-			waitForLifecycleServerReady(lcNamespace, catalogName)
+			// Don't wait for Ready - /readyz returns 503 when no lifecycle data is loaded
+			// Just wait for the deployment to exist and have a running pod
+			Eventually(func() bool {
+				c := ctx.Ctx().KubeClient()
+				pods, err := c.KubernetesInterface().CoreV1().Pods(lcNamespace).List(context.Background(), metav1.ListOptions{
+					LabelSelector: fmt.Sprintf("%s=%s,%s=%s", lcAppLabelKey, lcAppLabelVal, lcCatalogNameLabelKey, catalogName),
+				})
+				if err != nil || len(pods.Items) == 0 {
+					return false
+				}
+				for _, pod := range pods.Items {
+					if pod.Status.Phase == corev1.PodRunning && pod.Status.PodIP != "" {
+						return true
+					}
+				}
+				return false
+			}, lcResourceTimeout, 5*time.Second).Should(BeTrue(), "lifecycle-server pod did not reach Running")

 			image := getLifecycleServerImage(lcNamespace, catalogName)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`
around lines 197 - 199, The test currently calls
waitForLifecycleServerReady(lcNamespace, catalogName) which will block if the
server returns 503 when no lifecycle data is loaded; change the test to only
wait for the pod to be running instead of ready in this scenario by removing or
replacing the waitForLifecycleServerReady call with
waitForCatalogPodRunning(lcNamespace, catalogName) (keep
waitForLifecycleResources(lcNamespace, catalogName) as needed) so the test
proceeds to the API assertion even when readiness fails.

🧹 Nitpick comments (4)

staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go (1)

32-35: 💤 Low value

Test helper doesn't mirror controller's name truncation logic.

The test helper lcResourceName simply concatenates csName + "-lifecycle-server", but the controller's resourceName() function (in pkg/lifecycle-controller/controller.go) handles long names by truncating and inserting a hash to stay within the 63-character DNS limit.

If test catalog names ever exceed ~48 characters, the assertion will look for the wrong resource name. Since genName() produces short prefixes, this is unlikely to cause issues currently, but consider documenting this limitation or mirroring the logic.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go`
around lines 32 - 35, The test helper lcResourceName currently just returns
csName + "-lifecycle-server" which diverges from the controller.resourceName()
behavior that truncates long names and injects a hash to enforce the 63-char DNS
limit; update lcResourceName to mirror that exact truncation+hash algorithm used
in pkg/lifecycle-controller/controller.go (or call a shared helper if
available): compute the same short hash from csName, truncate the csName prefix
so that prefix + "-" + hash + "-lifecycle-server" fits within 63 chars, and
return that constructed string so test assertions match
controller.resourceName() for long catalog names.

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile (1)

3-3: 💤 Low value

Consider pinning the base image tag for test reproducibility.

Using opm:latest could lead to flaky E2E tests if the upstream image changes unexpectedly. Consider pinning to a specific tag or digest.

Example fix

-FROM quay.io/operator-framework/opm:latest
+FROM quay.io/operator-framework/opm:v1.52.0

Regarding the Trivy warning about running as root: the opm base image typically runs as a non-root user, so this is likely a false positive due to the analyzer not inspecting the base image's USER directive.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile`
at line 3, The Dockerfile currently uses an unpinned base image "FROM
quay.io/operator-framework/opm:latest", which can cause flaky tests; update the
Dockerfile to pin the base image to a specific stable tag or digest (e.g.,
replace opm:latest with a chosen tag or `@sha256`:<digest>) so
downstream-lifecycle-controller tests are reproducible and auditable, and
document the chosen tag/digest in a comment near the FROM line.

microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml (1)

63-68: GOMEMLIMIT configuration lacks a memory limit to be effective.

GOMEMLIMIT best practices recommend pairing it with a resources.limits.memory definition (typically setting GOMEMLIMIT to 80-95% of the limit). This configuration has only a memory request (10Mi) without a limit, which reduces the effectiveness of the soft limit. According to Go runtime best practices, without a hard memory limit, GOMEMLIMIT may be unnecessary as the Go runtime self-regulates well in such scenarios.

Either define a memory limit with an appropriate GOMEMLIMIT ratio, or remove GOMEMLIMIT entirely if the design intent is to allow unrestricted memory use.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml`
around lines 63 - 68, The GOMEMLIMIT env var is set without a corresponding pod
memory hard limit, so either add a resources.limits.memory and adjust GOMEMLIMIT
to ~80–95% of that limit or remove the GOMEMLIMIT entry; specifically update the
container spec that sets the env var "GOMEMLIMIT" to also include a
resources.limits.memory (e.g., matching expected workload) and change the
"GOMEMLIMIT" value to a percentage of that limit, or delete the "GOMEMLIMIT" env
var if you intend no hard memory cap.

pkg/lifecycle-controller/controller.go (1)

586-592: 💤 Low value

Consider logging unsupported ciphers for observability.

The TLSConfigProvider.Get() returns both the TLS config and a list of unsupported ciphers, but the unsupported ciphers are discarded here. If the cluster's TLS profile includes ciphers that Go doesn't support, this information is silently lost during deployment argument construction.

If unsupported ciphers are already logged in TLSConfigProvider.Update(), this is fine. Otherwise, consider logging them here for operational visibility:

🔍 Suggested change

 if r.TLSConfigProvider != nil {
-    cfg, _ := r.TLSConfigProvider.Get()
+    cfg, unsupportedCiphers := r.TLSConfigProvider.Get()
+    if len(unsupportedCiphers) > 0 {
+        // Log at debug level since this is called during every reconcile
+        r.Log.V(1).Info("TLS profile contains unsupported ciphers", "ciphers", unsupportedCiphers)
+    }
     args = append(args, fmt.Sprintf("--tls-min-version=%s", crypto.TLSVersionToNameOrDie(cfg.MinVersion)))

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 586 - 592, Capture the
second return value from TLSConfigProvider.Get() (i.e., unsupported ciphers)
instead of discarding it, and if any unsupported ciphers are returned log them
for observability; modify the block using r.TLSConfigProvider.Get() to assign
the two returns (e.g., cfg, unsupported := r.TLSConfigProvider.Get()), then when
len(unsupported) > 0 emit a log entry via the controller's logger (use the
existing logger on the receiver such as r.Logger or r.log, or fallback to the
project logging mechanism) indicating which cipher names were unsupported before
you continue to build args from cfg.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go`:
- Around line 197-199: The test currently calls
waitForLifecycleServerReady(lcNamespace, catalogName) which will block if the
server returns 503 when no lifecycle data is loaded; change the test to only
wait for the pod to be running instead of ready in this scenario by removing or
replacing the waitForLifecycleServerReady call with
waitForCatalogPodRunning(lcNamespace, catalogName) (keep
waitForLifecycleResources(lcNamespace, catalogName) as needed) so the test
proceeds to the API assertion even when readiness fails.

---

Nitpick comments:
In
`@microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml`:
- Around line 63-68: The GOMEMLIMIT env var is set without a corresponding pod
memory hard limit, so either add a resources.limits.memory and adjust GOMEMLIMIT
to ~80–95% of that limit or remove the GOMEMLIMIT entry; specifically update the
container spec that sets the env var "GOMEMLIMIT" to also include a
resources.limits.memory (e.g., matching expected workload) and change the
"GOMEMLIMIT" value to a percentage of that limit, or delete the "GOMEMLIMIT" env
var if you intend no hard memory cap.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 586-592: Capture the second return value from
TLSConfigProvider.Get() (i.e., unsupported ciphers) instead of discarding it,
and if any unsupported ciphers are returned log them for observability; modify
the block using r.TLSConfigProvider.Get() to assign the two returns (e.g., cfg,
unsupported := r.TLSConfigProvider.Get()), then when len(unsupported) > 0 emit a
log entry via the controller's logger (use the existing logger on the receiver
such as r.Logger or r.log, or fallback to the project logging mechanism)
indicating which cipher names were unsupported before you continue to build args
from cfg.

In
`@staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go`:
- Around line 32-35: The test helper lcResourceName currently just returns
csName + "-lifecycle-server" which diverges from the controller.resourceName()
behavior that truncates long names and injects a hash to enforce the 63-char DNS
limit; update lcResourceName to mirror that exact truncation+hash algorithm used
in pkg/lifecycle-controller/controller.go (or call a shared helper if
available): compute the same short hash from csName, truncate the csName prefix
so that prefix + "-" + hash + "-lifecycle-server" fits within 63 chars, and
return that constructed string so test assertions match
controller.resourceName() for long catalog names.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile`:
- Line 3: The Dockerfile currently uses an unpinned base image "FROM
quay.io/operator-framework/opm:latest", which can cause flaky tests; update the
Dockerfile to pin the base image to a specific stable tag or digest (e.g.,
replace opm:latest with a chosen tag or `@sha256`:<digest>) so
downstream-lifecycle-controller tests are reproducible and auditable, and
document the chosen tag/digest in a comment near the FROM line.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 11da92f9-1ddb-4afd-9201-7f2ef49a69fe

📥 Commits

Reviewing files that changed from the base of the PR and between 134877e and 777565f.

📒 Files selected for processing (30)

• Makefile
• cmd/lifecycle-controller/main.go
• cmd/lifecycle-controller/start.go
• cmd/lifecycle-controller/util.go
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/kustomization.yaml
• operator-lifecycle-manager.Dockerfile
• pkg/lifecycle-controller/TODO.md
• pkg/lifecycle-controller/controller.go
• pkg/lifecycle-controller/controller_test.go
• pkg/lifecycle-controller/tls.go
• pkg/lifecycle-controller/tls_test.go
• scripts/generate_crds_manifests.sh
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json

✅ Files skipped from review due to trivial changes (13)

• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• cmd/lifecycle-controller/main.go
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• cmd/lifecycle-controller/util.go
• pkg/lifecycle-controller/TODO.md
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• cmd/lifecycle-controller/start.go
• operator-lifecycle-manager.Dockerfile
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml

🚧 Files skipped from review as they are similar to previous changes (5)

• microshift-manifests/kustomization.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• pkg/lifecycle-controller/tls_test.go
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml

[coderabbitai]

🧹 Nitpick comments (7)

microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml (1)

62-63: 💤 Low value

Verify GOMEMLIMIT of 5MiB is sufficient for the lifecycle-controller.

The GOMEMLIMIT=5MiB is quite low for a controller-runtime based application. While the memory request is 10Mi, controller-runtime's informer caches can grow depending on the number of watched objects (CatalogSources, Pods, Deployments, etc.). If the cluster has many catalog sources or resources, GC pressure could become significant.

Consider monitoring memory usage in practice or increasing to a more comfortable threshold (e.g., 8MiB or matching the request).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`
around lines 62 - 63, The GOMEMLIMIT environment variable for the
lifecycle-controller is set to an unusually low "5MiB"; update the container's
env entry (GOMEMLIMIT) in the lifecycle-controller deployment manifest to a
higher, safer value such as "8MiB" or one that matches the memory request (e.g.,
"10MiB") to reduce GC pressure for controller-runtime informer caches and
monitor memory usage after deployment.

pkg/lifecycle-controller/controller_test.go (1)

168-172: 💤 Low value

Test case "distinct long names produce different results" is self-referential.

The expected value calls resourceName(...) with the same input as the test, which makes this test case a tautology—it will always pass regardless of implementation correctness. Consider using a pre-computed expected value instead.

However, the actual collision prevention is validated in TestResourceName_NoCollision (Lines 184-190), which correctly tests two distinct long names produce different outputs. This test case appears to be a placeholder for documenting the pattern rather than a strict assertion.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller_test.go` around lines 168 - 172, The test
case named "distinct long names produce different results" is tautological
because it computes expected by calling resourceName on the same input; change
it to assert against a concrete, precomputed expected string instead of calling
resourceName(input). Locate the test case in controller_test.go and replace
expected:
resourceName("this-is-a-very-long-catalog-source-name-that-exceeds-the-dns-xxxxx")
with the actual expected resource name value (the precomputed hashed/truncated
result your resourceName implementation should produce) so the test fails if
resourceName regresses; keep the test name and input unchanged and only modify
the expected value to a constant string.

pkg/lifecycle-controller/controller.go (1)

726-741: 💤 Low value

TLS profile change handler logs error but returns nil, silently dropping the requeue.

When listing CatalogSources fails in the TLS change handler (Line 730-733), the error is logged but the function returns nil, meaning no reconciliation requests are enqueued. A transient API server error during TLS profile changes could leave lifecycle-server deployments running with stale TLS configurations until the next unrelated reconcile.

Consider returning a sentinel request that triggers a delayed requeue, or relying on the periodic resync if that's acceptable for TLS propagation latency.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-controller/controller.go` around lines 726 - 741, The
TLS-profile change handler currently logs errors from mgr.GetClient().List but
returns nil, dropping reconciliation; modify the TypedEnqueueRequestsFromMapFunc
handler (the closure passed to source.Channel(tlsProfileChan,
handler.TypedEnqueueRequestsFromMapFunc(...))) so that when
mgr.GetClient().List(ctx, &catalogSources) returns an error you return a
sentinel reconcile.Request to force a retry (e.g., a single request that will
requeue the controller instead of an empty slice), and keep r.Log.Error(...) for
visibility; ensure you still return the full list of reconcile.Request for the
successful-list path so CatalogSource objects are enqueued as before.

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile (2)

3-3: ⚡ Quick win

Pin the base image to an immutable digest instead of :latest.

Using :latest makes test behavior drift over time and can cause non-reproducible CI results.

Proposed change

-FROM quay.io/operator-framework/opm:latest
+FROM quay.io/operator-framework/opm@sha256:<resolved-digest>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile`
at line 3, The Dockerfile currently uses a floating tag "FROM
quay.io/operator-framework/opm:latest"; change this to a pinned immutable digest
by replacing that FROM line with the same image referenced by its sha256 digest
(e.g., quay.io/operator-framework/opm@sha256:...) so the base image is fixed and
CI/tests are reproducible—update the FROM instruction in the Dockerfile
accordingly and commit the pinned digest.

---

3-15: ⚡ Quick win

Set an explicit non-root runtime user.

Please set USER explicitly so this image remains compliant with restricted policies even if base-image defaults change.

Proposed change

 FROM quay.io/operator-framework/opm:latest
@@
 RUN ["/bin/opm", "serve", "/configs", "--cache-dir=/tmp/cache", "--cache-only"]
+USER 65532:65532

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile`
around lines 3 - 15, The image lacks an explicit non-root runtime user: add a
USER instruction with a non-root uid/gid (e.g., 1000 or 65534) after the file
setup steps and before runtime execution, and update the Dockerfile so the
created runtime user can access the copied files by chown-ing /configs and the
cache dir in the RUN stage (ensure permissions for /tmp/cache and /configs);
keep ENTRYPOINT ["/bin/opm"], CMD ["serve"...] and the LABEL unchanged so the
container runs as the non-root user.

staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json (1)

1-3: ⚡ Quick win

Exclude NDJSON catalog fixtures from strict single-JSON linting.

This fixture is newline-delimited JSON records, so strict JSON parsers (like Biome in single-document mode) will keep flagging parse errors. Consider excluding this path from that rule (or treating these fixtures as JSONL) to avoid noisy failures.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json`
around lines 1 - 3, This NDJSON fixture contains newline-delimited JSON records
(schemas "olm.package", "olm.channel", "olm.bundle") and should be excluded from
strict single-JSON linting; update the lint configuration (or Biome rule set) to
either treat these catalog fixtures as JSONL or add a rule/ignore entry that
excludes files matching this catalog pattern (the catalog.json NDJSON fixture
containing entries with "olm.package"/"olm.channel"/"olm.bundle") so the linter
no longer enforces single-document JSON parsing on these fixtures.

pkg/lifecycle-server/fbc.go (1)

117-123: ⚡ Quick win

Return lifecycle versions in deterministic order.

ListVersions() currently depends on map iteration order, which is nondeterministic. Sorting here avoids unstable logs and caller behavior.

♻️ Proposed fix

 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"os"
 	"regexp"
+	"sort"
 	"sync"
@@
 func (index LifecycleIndex) ListVersions() []string {
 	versions := make([]string, 0, len(index))
 	for v := range index {
 		versions = append(versions, v)
 	}
+	sort.Strings(versions)
 	return versions
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/lifecycle-server/fbc.go` around lines 117 - 123, ListVersions currently
returns map keys in nondeterministic order; modify LifecycleIndex.ListVersions
to produce a deterministic sorted slice by collecting keys into versions and
calling sort.Strings(versions) before returning. Update the function that builds
versions (ListVersions) and import the sort package if missing so callers
receive a stable, sorted list of lifecycle versions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml`:
- Around line 62-63: The GOMEMLIMIT environment variable for the
lifecycle-controller is set to an unusually low "5MiB"; update the container's
env entry (GOMEMLIMIT) in the lifecycle-controller deployment manifest to a
higher, safer value such as "8MiB" or one that matches the memory request (e.g.,
"10MiB") to reduce GC pressure for controller-runtime informer caches and
monitor memory usage after deployment.

In `@pkg/lifecycle-controller/controller_test.go`:
- Around line 168-172: The test case named "distinct long names produce
different results" is tautological because it computes expected by calling
resourceName on the same input; change it to assert against a concrete,
precomputed expected string instead of calling resourceName(input). Locate the
test case in controller_test.go and replace expected:
resourceName("this-is-a-very-long-catalog-source-name-that-exceeds-the-dns-xxxxx")
with the actual expected resource name value (the precomputed hashed/truncated
result your resourceName implementation should produce) so the test fails if
resourceName regresses; keep the test name and input unchanged and only modify
the expected value to a constant string.

In `@pkg/lifecycle-controller/controller.go`:
- Around line 726-741: The TLS-profile change handler currently logs errors from
mgr.GetClient().List but returns nil, dropping reconciliation; modify the
TypedEnqueueRequestsFromMapFunc handler (the closure passed to
source.Channel(tlsProfileChan, handler.TypedEnqueueRequestsFromMapFunc(...))) so
that when mgr.GetClient().List(ctx, &catalogSources) returns an error you return
a sentinel reconcile.Request to force a retry (e.g., a single request that will
requeue the controller instead of an empty slice), and keep r.Log.Error(...) for
visibility; ensure you still return the full list of reconcile.Request for the
successful-list path so CatalogSource objects are enqueued as before.

In `@pkg/lifecycle-server/fbc.go`:
- Around line 117-123: ListVersions currently returns map keys in
nondeterministic order; modify LifecycleIndex.ListVersions to produce a
deterministic sorted slice by collecting keys into versions and calling
sort.Strings(versions) before returning. Update the function that builds
versions (ListVersions) and import the sort package if missing so callers
receive a stable, sorted list of lifecycle versions.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile`:
- Line 3: The Dockerfile currently uses a floating tag "FROM
quay.io/operator-framework/opm:latest"; change this to a pinned immutable digest
by replacing that FROM line with the same image referenced by its sha256 digest
(e.g., quay.io/operator-framework/opm@sha256:...) so the base image is fixed and
CI/tests are reproducible—update the FROM instruction in the Dockerfile
accordingly and commit the pinned digest.
- Around line 3-15: The image lacks an explicit non-root runtime user: add a
USER instruction with a non-root uid/gid (e.g., 1000 or 65534) after the file
setup steps and before runtime execution, and update the Dockerfile so the
created runtime user can access the copied files by chown-ing /configs and the
cache dir in the RUN stage (ensure permissions for /tmp/cache and /configs);
keep ENTRYPOINT ["/bin/opm"], CMD ["serve"...] and the LABEL unchanged so the
container runs as the non-root user.

In
`@staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json`:
- Around line 1-3: This NDJSON fixture contains newline-delimited JSON records
(schemas "olm.package", "olm.channel", "olm.bundle") and should be excluded from
strict single-JSON linting; update the lint configuration (or Biome rule set) to
either treat these catalog fixtures as JSONL or add a rule/ignore entry that
excludes files matching this catalog pattern (the catalog.json NDJSON fixture
containing entries with "olm.package"/"olm.channel"/"olm.bundle") so the linter
no longer enforces single-document JSON parsing on these fixtures.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 77cec337-9795-4712-9959-918696786f17

📥 Commits

Reviewing files that changed from the base of the PR and between 777565f and af2591a.

⛔ Files ignored due to path filters (224)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customfeaturegates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/deprecatedwebhooktokenauthenticator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnszone.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/equinixmetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalippolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/extramapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateattributes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatedetails.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregateselection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/featuregatestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/githubidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gitlabidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/googleidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/htpasswdidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/hubsourcestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ibmcloudserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/identityproviderconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/image.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagecontentpolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagedigestmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagelabel.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagetagmirrorsetspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ingressstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/keystoneidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/kubevirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapattributemapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ldapidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/loadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/maxagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/mtumigrationvalues.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnostics.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticssourceplacement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkdiagnosticstargetplacement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkmigration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/node.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nodestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixfailuredomain.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismelementendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixprismendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixresourceidentifier.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthremoteconnectioninfo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oauthtemplates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/objectreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcclientstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openidclaims.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openididentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operandversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhub.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/operatorhubstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/pkicertificatesubject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyfulciosubject.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyidentity.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchexactrepository.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policymatchremapidentity.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/powervsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/project.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/projectspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/promqlclustercondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/proxystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrylocation.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/registrysources.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/release.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/repositorydigestmirrors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requestheaderidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/requiredhstspolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/scheduler.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/secretnamereference.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (37)

• Makefile
• cmd/lifecycle-controller/main.go
• cmd/lifecycle-controller/start.go
• cmd/lifecycle-controller/util.go
• cmd/lifecycle-server/main.go
• cmd/lifecycle-server/start.go
• go.mod
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.deployment.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/kustomization.yaml
• operator-lifecycle-manager.Dockerfile
• pkg/lifecycle-controller/TODO.md
• pkg/lifecycle-controller/controller.go
• pkg/lifecycle-controller/controller_test.go
• pkg/lifecycle-controller/tls.go
• pkg/lifecycle-controller/tls_test.go
• pkg/lifecycle-server/fbc.go
• pkg/lifecycle-server/fbc_test.go
• pkg/lifecycle-server/server.go
• pkg/lifecycle-server/server_test.go
• scripts/generate_crds_manifests.sh
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/Dockerfile
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog-no-lifecycle/configs/catalog.json
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/lifecycle-catalog/configs/catalog.json

✅ Files skipped from review due to trivial changes (10)

• cmd/lifecycle-server/main.go
• operator-lifecycle-manager.Dockerfile
• microshift-manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_09-lifecycle-server.rbac.yaml
• microshift-manifests/0000_50_olm_08-lifecycle-controller.rbac.yaml
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_controller_test.go
• microshift-manifests/kustomization.yaml
• staging/operator-lifecycle-manager/test/e2e/downstream_lifecycle_server_test.go
• pkg/lifecycle-controller/TODO.md

🚧 Files skipped from review as they are similar to previous changes (10)

• manifests/0000_50_olm_08-lifecycle-controller.service.yaml
• manifests/0000_50_olm_08-lifecycle-controller.networkpolicy.yaml
• pkg/lifecycle-server/fbc_test.go
• manifests/0000_50_olm_08-lifecycle-controller.deployment.ibm-cloud-managed.yaml
• cmd/lifecycle-server/start.go
• pkg/lifecycle-server/server.go
• staging/operator-lifecycle-manager/test/images/downstream-lifecycle-controller/build.sh
• Makefile
• go.mod
• scripts/generate_crds_manifests.sh

[openshift-ci]

@perdasilva: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.